
Mozilla Firefox / Thunderbird Multiple Vulnerabilities

Last Update Date: 15 May 2013 15:06 | Release Date: 15 May 2013

RISK: High Risk

TYPE: Clients - Browsers


Multiple vulnerabilities have been identified in Mozilla Firefox / Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system, conduct cross-site scripting attacks, and obtain potentially sensitive information. A local user can obtain elevated privileges on the target system.

  1. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger memory corruption errors and execute arbitrary code on the target system. The code will run with the privileges of the target user.
  2. A remote user can access a content level constructor with chrome privileged access to write to objects that should be read-only and conduct cross-site scripting attacks.
  3. A local user can exploit a flaw in the '<input>' control to determine the full path of a target file.
  4. A local user on Windows-based systems can exploit a flaw in the Mozilla Maintenance Service to gain system privileges.
  5. A remote user can trigger a use-after-free in the resizing of video during playback.
  6. A remote user can trigger an uninitialized memory error in some DOMSVGZoomEvent() functions to obtain potentially sensitive information from memory.
  7. A remote user can trigger an out-of-bounds read in SelectionIterator::GetNextSegment() and gfxSkipCharsIterator::SetOffsets().
  8. A remote user can trigger an invalid write in _cairo_xlib_surface_add_glyph().
  9. A remote user can trigger a use-after-free heap error in mozilla::plugins::child::_geturlnotify(), nsFrameList::FirstChild() and nsContentUtils::RemoveScriptBlocker().

Impact

  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Firefox versions prior to 17.0.6 and 21.0
  • Thunderbird versions prior to 17.0.6

Solutions

Before installing the software, please visit the vendor's website for more details.

  • The vendor has issued a fix (Firefox 17.0.6, 21.0; Thunderbird 17.0.6).
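The affected ranges above span two Firefox branches (the 17.x ESR line, fixed in 17.0.6, and the mainline, fixed in 21.0), so a simple "less than the latest version" test misclassifies ESR installs. The following is an added example, not part of the advisory, that encodes the advisory's fixed versions and checks an inventory of constructed host/version records against them:

```python
"""Patch-state check against the version ranges this advisory lists.
Added example, not part of the advisory. Inventory lines below are constructed.
"""
from typing import List, Tuple

# Fixed releases from the advisory. Firefox 17.x is the ESR branch (fixed in
# 17.0.6); the mainline branch is fixed in 21.0. Thunderbird has only 17.0.6.
FIXED = {
    "firefox": [(17, 0, 6), (21, 0, 0)],
    "thunderbird": [(17, 0, 6)],
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Normalise '17.0.5esr' or '20.0.1' to a comparable (major, minor, patch)."""
    parts: List[int] = []
    for piece in text.lower().replace("esr", "").strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_affected(product: str, version: str) -> bool:
    """True when `version` is older than the fix for its branch: 16.x and 17.0.5
    are checked against 17.0.6, 18.x-20.x against 21.0; anything newer than
    every fixed branch (e.g. 22.0) is outside the advisory's stated ranges."""
    v = parse_version(version)
    candidates = [f for f in FIXED[product.lower()] if f[0] >= v[0]]
    if not candidates:
        return False
    return v < min(candidates)


def scan_inventory(lines: List[str]) -> List[str]:
    """Return hosts from 'host,product,version' lines still below the fix."""
    vulnerable = []
    for line in lines:
        host, product, version = (field.strip() for field in line.split(","))
        if product.lower() in FIXED and is_affected(product, version):
            vulnerable.append(host)
    return vulnerable


# Constructed sample inventory (not from the advisory).
SAMPLE_INVENTORY = ["ws01,Firefox,20.0.1", "ws02,Firefox,21.0",
                    "ws03,Firefox,17.0.5esr", "mail01,Thunderbird,17.0.6"]
```

Running `scan_inventory(SAMPLE_INVENTORY)` flags `ws01` (mainline below 21.0) and `ws03` (ESR below 17.0.6) while leaving the patched hosts alone.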
