The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
AV:N/AC:L/Au:N/C:C/I:C/A:CMozilla Firefox
APPMozilla17.017.0.117.0.217.0.317.0.417.0.519.019.0.119.0.220.0≤ 20.0.1Mozilla Thunderbird
APPMozilla17.017.0.117.0.217.0.317.0.4≤ 17.0.5Mozilla Thunderbird Esr
APPMozilla17.017.0.117.0.217.0.317.0.417.0.5
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...