Mozilla Products Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.

1. An error when using the canvas element in conjunction with an HTTP redirect, which could be exploited by attackers to bypass same-origin restrictions and gain access to content in other domains, or enumerate the software installed on a vulnerable system.

2. Due insufficient checks being performed to test whether the Flash module was properly dynamically unloaded, which could be exploited to cause a malicious SWF file to access arbitrary memory addresses and execute arbitrary code.

3. An error when tampering with the window.__proto__.__proto__ object, which could be exploited to cause the browser to place a lock on a non-native object, leading to a crash or code execution.

4. Due to "file:" URIs being given chrome privileges when opened in the same tab as a chrome page or a privileged "about:" page, which could be exploited to execute malicious JavaScript with chrome privileges but requires the attacker to place the malicious code locally on the vulnerable system.

5. A memory corruption errors in the layout and JavaScript engines, and within the rendering of graphics, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code.

6. An error in the browser's session restore feature, which can be exploited to bypass the same-origin policy and execute JavaScript in the context of another site, or execute code with chrome privileges.

7. A buffer overflow error when parsing the http-index-format MIME type, which could be exploited to execute arbitrary code.

8. An error in Mozilla's DOM constructing code when certain properties of a file input element are modified before it has finished initializing.

9. An error in the same-origin check in "nsXMLHttpRequest::NotifyEventListeners()" function, which could be exploited by attackers to execute JavaScript in the context of a different website.

10. An unspecified related to the use of the "-moz-binding" CSS property, which can be exploited to bypass security checks which validate codebase principals.

11. An input validation error when parsing the default namespace in an E4X document, which could be exploited to inject data.