Mozilla Products Code Execution and Security Bypass Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird and SeaMonkey, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.
1. Due to a use-after-free error when handling "multipart/x-mixed-replace" images, which could allow attackers to crash an affected browser or execute arbitrary code.
2. Due to an error when handling "window.location" objects, which could allow cross-origin bypass via third-party plugins.
3. Due to memory corruption errors in the browser engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
4. Due to an error when using "addEventListener" and "setTimeout" on a wrapped object, which could allow cross-site scripting attacks.
5. Due to an error when preloading images, which could allow cross-site request forgery attacks against certain add-ons.
6. Due to an error when handling stylesheets used in remote XUL documents, which could allow a malicious website to pollute a user's XUL cache and change style attributes of the browser (e.g. font size and color).
7. Due to the new asynchronous Authorization Prompt (HTTP username and password) not always being attached to the correct window, which could allow attackers to conduct phishing attacks.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Mozilla Firefox versions prior to 3.6.2
- Mozilla Firefox versions prior to 3.5.8
- Mozilla Firefox versions prior to 3.0.18
- Mozilla Thunderbird versions prior to 3.0.2
- Mozilla SeaMonkey versions prior to 2.0.3
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Mozilla Firefox version 3.6.2, 3.5.8 or 3.0.18:
http://www.mozilla.com/firefox/
- Upgrade to Mozilla Thunderbird version 3.0.2:
http://www.mozilla.com/thunderbird/
- Upgrade to Mozilla SeaMonkey version 2.0.3:
http://www.mozilla.com/seamonkey/
Vulnerability Identifier
- CVE-2010-0164
- CVE-2010-0165
- CVE-2010-0166
- CVE-2010-0167
- CVE-2010-0168
- CVE-2010-0169
- CVE-2010-0170
- CVE-2010-0171
- CVE-2010-0172
Source
Related Link
- http://www.vupen.com/english/advisories/2010/0692
- http://www.mozilla.org/security/announce/2010/mfsa2010-09.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-10.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-11.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-12.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-13.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-15.html