Mozilla Products Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.

1. A stack overflow error when processing specially crafted UTF-8 URLs, which could be exploited by attackers to execute arbitrary code by tricking a user into following a malicious link.

2. An error in the same-origin check performed via "nsXMLDocument::OnChannelRedirect()", which could allow attackers to execute JavaScript in the context of a different website.

3. Input validation errors in feedWriter, which could be exploited to execute arbitrary scripts with chrome privileges.

4. An error when performing drag-and-drop actions, which could allow attackers to force a user to download a file by moving the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on.

5. Errors related to XPCnativeWrapper, which could allow attackers to execute arbitrary scripts with chrome privileges.

6. Memory corruption errors in the layout and JavaScript engines, and within the rendering of graphics, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

7. Due to certain BOM characters being stripped from JavaScript code before execution, which could be exploited to bypass or evade script filters and perform cross site scripting attacks.

8. Due to the HTML parser ignoring certain low surrogate characters if they were HTML-escaped, which could be exploited to bypass script filters and perform cross site scripting attacks.

9. Errors within the "resource:" protocol, which could be exploited to conduct directory traversal attacks and disclose sensitive information.

10. An error in the XBM decoder that allows random small chunks of uninitialized memory to be read, leading to information disclosure.