13 Feb 2012
Mozilla Firefox 10.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error in the "nsXBLDocumentInfo::ReadPrototypeBindings()" method when handling XBL bindings in a hash table and can be exploited to cause a cycle collector to call an invalid virtual function.
Successful exploitation may allow execution of arbitrary code.
Update Firefox and Thunderbird to version 10.0.1 and SeaMonkey to version 2.7.1
The vendor credits Andrew McCreight and Olli Pettay, Mozilla developers.