Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw that may allow a remote denial of service. The issue is triggered when specially crafted JavaScript is processed by the browser. A memory corruption and application crash occurs which will result in loss of availability for the browser.

Upgrade Firefox to version 6 or higher, Thunderbird to version 6 or higher, and SeaMonkey to version 2.3 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• OVAL ID: 14303
• CVE ID: 2011-2991 (see also: NVD)
• Secunia Advisory ID: 45581 45667 45785 45802 45808 49055 51766
• Related OSVDB ID: 74581 74582 74583 74584 74585 74586 74587 74588 74589 74590 74591 74592 74593 74595 74596
• Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
• Vendor Specific Advisory URL: http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
  http://www.suse.com/support/security/advisories/2011_37_firefox.html
• Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-updates/2011-08/msg00043.html
  http://lists.opensuse.org/opensuse-updates/2012-04/msg00066.html
  http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
  https://bugzilla.mozilla.org/show_bug.cgi?id=655660 [ Auth Req'd ]

• Vivekanand Bolajwar