The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird
allows remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via vectors related
to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3)
MirrorWrappedNativeParent and js_LockGCThingRT.