Reference: CERT-EU Security Advisory 2012-0037

Title: Mozilla Firefox/Thunderbird/SeaMonkey are prone to an Information Disclosure Vulnerability [1]

Version history:
16.03.2012 Initial publication

Summary
=======
An attacker can exploit this issue to disclose certain data from the user's memory. Information obtained may aid in further attacks.

CVE-2012-0456

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) [4]

Vulnerable systems
==================
Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 [2]

Original Details
================
Two issues were found with Firefox's handling of SVG using the Address Sanitizer tool. The first issue, critically rated, is a use-after-free in SVG animation that could potentially lead to arbitrary code execution. The second issue is rated moderate and is an out-of-bounds read in SVG Filters. This could potentially incorporate data from the user's memory, making it accessible to the page content.

What can you do?
================
Software updates that address these vulnerabilities are available from the vendor [3]

What to tell your users?
========================
N/A

More information
================
[1] http://www.securityfocus.com/bid/52461/info
[2] http://www.axetel.com/2012/03/cve-2012-0456/
[3] https://www.mozilla.org/security/announce/2012/mfsa2012-14.html
[4] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in a best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
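
The version ranges listed under "Vulnerable systems" above, expressed as a check that can be run over a software inventory. This is an added example, not part of the CERT-EU advisory: the host names and sample inventory are constructed, the function names are hypothetical, and reading "through 10.0" as covering the 10.0.x point releases is an assumption.

```python
import re

# Half-open [low, high) ranges transcribed from "Vulnerable systems".
# Assumption: "through 10.0" covers the 10.0.x point releases, so the
# release-channel upper bound is written as 11.0.0.
# Keys are (product, is_esr).
AFFECTED = {
    ("firefox", False): [((0, 0, 0), (3, 6, 28)), ((4, 0, 0), (11, 0, 0))],
    ("firefox", True): [((10, 0, 0), (10, 0, 3))],
    ("thunderbird", False): [((0, 0, 0), (3, 1, 20)), ((5, 0, 0), (11, 0, 0))],
    ("thunderbird", True): [((10, 0, 0), (10, 0, 3))],
    ("seamonkey", False): [((0, 0, 0), (2, 8, 0))],
}

def parse_version(text):
    """Turn '10.0.2' or '10.0.2esr' into (10, 0, 2), padding with zeros."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(product, version, esr=False):
    """True if the product/version/channel falls in an advisory range."""
    key = (product.lower(), bool(esr))
    if key not in AFFECTED:
        # Fail loudly so an unknown product is never reported as clean.
        raise ValueError(f"advisory does not cover {product!r} (esr={esr})")
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED[key])

# Constructed sample inventory: (host, product, version, is_esr).
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "3.6.27", False),
    ("ws-02", "Firefox", "10.0.2", True),
    ("ws-03", "Firefox", "10.0.3", True),
    ("ws-04", "Thunderbird", "3.1.20", False),
    ("ws-05", "Thunderbird", "9.0.1", False),
    ("ws-06", "SeaMonkey", "2.8", False),
]

def audit(inventory):
    """Return the hosts whose installed version still needs the update."""
    return [host for host, product, version, esr in inventory
            if is_affected(product, version, esr)]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```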