FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- multiple vulnerabilities

Affected packages
firefox < 2.0.0.20_3,1
3.*,1 < firefox < 3.0.6,1
linux-firefox < 3.0.6
linux-firefox-devel < 3.0.6
0 < linux-seamonkey-devel
linux-seamonkey < 1.1.15
seamonkey < 1.1.15
linux-thunderbird < 2.0.0.21
thunderbird < 2.0.0.21

Details

VuXML ID 8b491182-f842-11dd-94d9-0030843d3802
Discovery 2009-02-04
Entry 2009-02-11
Modified 2009-12-12

Mozilla Foundation reports:

MFSA 2009-06: Directives to not cache pages ignored

MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies

MFSA 2009-04: Chrome privilege escalation via local .desktop files

MFSA 2009-03: Local file stealing with SessionStore

MFSA 2009-02: XSS using a chrome XBL method and window.eval

MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)

References

CVE Name CVE-2009-0352
CVE Name CVE-2009-0353
CVE Name CVE-2009-0354
CVE Name CVE-2009-0355
CVE Name CVE-2009-0356
CVE Name CVE-2009-0357
CVE Name CVE-2009-0358
URL http://secunia.com/advisories/33799/
URL http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-06.html