CVE-2012-3989

Published: 09 October 2012

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (16.0)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (16.0+build1-0ubuntu1)
seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (2.13)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (16.0)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (16.0.1+build1-0ubuntu1)
xulrunner-1.9.2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist