Package Instance

Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact.
In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.

Security researchers Tyson Smith and Jesse
Schwartzentruber of the BlackBerry Security Automated Analysis Team
used the Address Sanitizer tool while fuzzing to discover a user-after-free in
the functions for synthetic mouse movement handling. Security researcher
Atte Kettunen from OUSPG also reported a variant of the same
flaw. This issue leads to a potentially exploitable crash.
In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.

Security researchers Tyson Smith and Jesse
Schwartzentruber of the BlackBerry Security Automated Analysis Team
used the Address Sanitizer tool while fuzzing to discover a mechanism where
inserting an ordered list into a document through script could lead to a
potentially exploitable crash that can be triggered by web content. 
In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.

Firefox user Sijie Xia reported that if a user
explicitly removes the trust for extended validation (EV) capable root
certificates in the certificate manager, the change is not properly used when
validating EV certificates, causing the setting to be ignored. This removes the
ability of users to explicitly untrust root certificates from specific
certificate authorities.
This flaw does not affect certificates that are not extended
validation certificates. All other certificate validation checks do occur, the
error is the assumption that if Mozilla trusted the certificate, the user would
also.

Security researcher Nils used the Address Sanitizer tool
while fuzzing to discover a use-after-free problem in the table editing user
interface of the editor during garbage collection. This leads to a potentially
exploitable crash.

Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to run
arbitrary code.In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.

Security researchers Tyson Smith and Jesse
Schwartzentruber of the BlackBerry Security Automated Analysis Team
used the Address Sanitizer tool while fuzzing to discover a user-after-free when
interacting with event listeners from the mListeners array. This
leads to a potentially exploitable crash.
In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.

Google security researcher  Michal Zalewski reported issues
with JPEG format image processing with Start Of Scan (SOS) and Define Huffman
Table (DHT) markers in the libjpeg library. This could allow for the possible
reading of arbitrary memory content as well as cross-domain image theft.