|Description||Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-2227-1, DSA-2228-1, DSA-2235-1|
|NVD severity||high (attack range: remote)|
The information below is based on the following data on fixed versions.
- xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)