FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 2.0.0.17,1
3.*,1 < firefox < 3.0.2,1
linux-firefox < 2.0.0.17
linux-firefox-devel < 2.0.0.17
linux-seamonkey < 1.1.12
seamonkey < 1.1.12
linux-thunderbird < 2.0.0.17
thunderbird < 2.0.0.17
flock < 2.0
linux-flock < 2.0
0 < linux-seamonkey-devel

Details

VuXML ID 2273879e-8a2f-11dd-a6fe-0030843d3802
Discovery 2008-09-24
Entry 2008-09-24
Modified 2009-12-12

The Mozilla Foundation reports:

MFSA 2008-37
UTF-8 URL stack buffer overflow

MFSA 2008-38
nsXMLDocument::OnChannelRedirect() same-origin violation

MFSA 2008-39
Privilege escalation using feed preview page and XSS flaw

MFSA 2008-40
Forced mouse drag

MFSA 2008-41
Privilege escalation via XPCnativeWrapper pollution

MFSA 2008-42
Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)

MFSA 2008-43
BOM characters stripped from JavaScript before execution

MFSA 2008-44
resource: traversal vulnerabilities

MFSA 2008-45
XBM image uninitialized memory reading

References

CVE Name CVE-2008-0016
CVE Name CVE-2008-3835
CVE Name CVE-2008-3836
CVE Name CVE-2008-3837
CVE Name CVE-2008-4058
CVE Name CVE-2008-4059
CVE Name CVE-2008-4060
CVE Name CVE-2008-4061
CVE Name CVE-2008-4062
CVE Name CVE-2008-4063
CVE Name CVE-2008-4064
CVE Name CVE-2008-4065
CVE Name CVE-2008-4067
CVE Name CVE-2008-4068
CVE Name CVE-2008-4069
URL http://www.mozilla.org/security/announce/2008/mfsa2008-37.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-39.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
URL http://www.mozilla.org/security/announce/2008/mfsa2008-45.html