Mozilla Products Code Execution and Security Bypass Vulnerabilities

Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or compromise a vulnerable system.

1. A memory corruption errors in the JavaScript and layout engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

2. An error when handling a chrome XBL method used in conjunction with "window.eval", which could allow malicious web sites to violate the same origin policy and conduct cross domain scripting attacks.

3. An error exists because a form input control type of a closed tab can be changed when restoring a closed tab, which could allow attackers to disclose the contents of arbitrary files on a vulnerable system.

4. An error when processing certain ".desktop" shortcut files, which could be exploited to execute arbitrary code with chrome privileges.

5. Due to cookies marked "HTTPOnly" being readable by JavaScript through the "XMLHttpRequest.getResponseHeader" and "XMLHttpRequest.getAllResponseHeaders" APIs, which could be exploited to gain access to "document.cookie".

6. Due to the "Cache-Control: no-store" and "Cache-Control: no-cache" HTTP directives being ignored, which could cause potentially sensitive information to be cached by the browser, allowing malicious local users to disclose private data.