Security researcher regenrecht reported via TippingPoint's Zero Day Initiative a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution. External Reference: http://www.mozilla.org/security/announce/2013/mfsa2013-17.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:0145 https://rhn.redhat.com/errata/RHSA-2013-0145.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:0144 https://rhn.redhat.com/errata/RHSA-2013-0144.html
These critical security issues apply to Thunderbird and Seamonkey, too.