The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18902
https://bugzilla.mozilla.org/show_bug.cgi?id=883686
http://www.ubuntu.com/usn/USN-1952-1
http://www.ubuntu.com/usn/USN-1951-1
http://www.securityfocus.com/bid/62468
http://www.mozilla.org/security/announce/2013/mfsa2013-85.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html