FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 2.0.0.20_8,1
3.*,1 < firefox < 3.0.11,1
linux-firefox < 3.0.11
linux-firefox-devel < 3.0.11
linux-thunderbird < 2.0.0.22
thunderbird < 2.0.0.22
linux-seamonkey < 1.1.17
seamonkey < 1.1.17

Details

VuXML ID da185955-5738-11de-b857-000f20797ede
Discovery 2009-06-11
Entry 2009-06-12
Modified 2009-12-12

Mozilla Foundation reports:

MFSA 2009-32 JavaScript chrome privilege escalation

MFSA 2009-31 XUL scripts bypass content-policy checks

MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar

MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null

MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object

MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests

MFSA 2009-26 Arbitrary domain cookie access by local file: resources

MFSA 2009-25 URL spoofing with invalid unicode characters

MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

References

CVE Name CVE-2009-1392
CVE Name CVE-2009-1832
CVE Name CVE-2009-1833
CVE Name CVE-2009-1834
CVE Name CVE-2009-1835
CVE Name CVE-2009-1836
CVE Name CVE-2009-1837
CVE Name CVE-2009-1838
CVE Name CVE-2009-1839
CVE Name CVE-2009-1840
CVE Name CVE-2009-1841
URL http://secunia.com/advisories/35331/
URL http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-32.html