Mandriva Linux Security Advisory 2013-237 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash. Various other issues were also addressed.
4df6d780c957375d37c25593963fc5e1842fc80c3ddda22c77a645e6dd88d036
Ubuntu Security Notice 1951-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting with template elements. In some circumstances, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
ae7ff1f917c1950c5b6490ce8854e1e96917dda5d21236bc3d2616020543035e