Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
www.debian.org/security/2014/dsa-3090
www.debian.org/security/2014/dsa-3092
www.mozilla.org/security/announce/2014/mfsa2014-89.html
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.securityfocus.com/bid/71396
bugzilla.mozilla.org/show_bug.cgi?id=1074280
security.gentoo.org/glsa/201504-01