Mozilla Products Multiple Vulnerabilities

Multiple vulnerabilitieshave been identified in Mozilla Firefox, Thunderbird and SeaMonkey, which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.

1. Due to memory corruption errors in the browser engine when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.

2. Due to a use-after-free error in the DOM attribute cloning routine, which could be exploited by attackers to execute arbitrary code.

3. Due to a use-after-free error in the implementation of NodeIterator when detaching nodes from the DOM tree while it is being traversed, which could be exploited by attackers to execute arbitrary code.

4. Due to a buffer overflow error when storing the names and values of plugin parameter elements, which could be exploited by attackers to execute arbitrary code.

Update: An incorrect fix version (3.6.7) for this Mozilla Firefox plugin parameter array vulnerability was identified¡Arequires to upgrade to Mozilla Firefox version 3.6.8.

5. Due to an error when accessing a content object via SJOW, which could be exploited to execute arbitrary JavaScript with chrome privileges.

6. Due to an integer overflow error when processing CSS values, which could be exploited by attackers to execute arbitrary code.

7. Due to an integer overflow error in the implementation of the XUL "tree" element's selection attribute, which could be exploited by attackers to execute arbitrary code.

8. Due to a buffer overflow error when processing malformed PNG data, which could be exploited by attackers to execute arbitrary code.

9. Due to a same-origin validation error when using the Web Worker method "importScripts", which could be exploited to conduct cross-domain scripting attacks.

10. Due to a same-origin validation error when using canvas elements, which could be exploited to conduct cross-domain scripting attacks.

11. Due to undefined positions within various 8 bit character encodings being mapped to the U+FFFD sequence, which could be exploited to conduct cross site scripting attacks.

12. Due to errors when handling windows and redirections, which could allow attackers to spoof the content of the location bar.

13. Due to an error when handling CSS selectors, which could be exploited to read data across domains.

14. Due to an error when handling error messages, which could cause potentially sensitive URL parameters to be leaked across domains.