Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
http://rhn.redhat.com/errata/RHSA-2013-0820.html
http://rhn.redhat.com/errata/RHSA-2013-0821.html
https://bugzilla.mozilla.org/show_bug.cgi?id=787283
https://bugzilla.mozilla.org/show_bug.cgi?id=808402
https://bugzilla.mozilla.org/show_bug.cgi?id=849597
https://bugzilla.mozilla.org/show_bug.cgi?id=852315
https://bugzilla.mozilla.org/show_bug.cgi?id=864558
https://bugzilla.mozilla.org/show_bug.cgi?id=866544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17062
http://www.debian.org/security/2013/dsa-2699
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
http://www.mozilla.org/security/announce/2013/mfsa2013-41.html
Published: 2013-05-16
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical