FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 2.0.0.20_7,1
3.*,1 < firefox < 3.0.9,1
linux-firefox < 3.0.9
linux-firefox-devel < 3.0.9
0 < linux-seamonkey-devel
linux-seamonkey < 1.1.17
seamonkey < 1.1.17
linux-thunderbird < 2.0.0.22
thunderbird < 2.0.0.22

Details

VuXML ID 3b18e237-2f15-11de-9672-0030843d3802
Discovery 2009-04-21
Entry 2009-04-22
Modified 2009-12-12

Mozilla Foundation reports:

MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs

MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame

MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites

MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings

MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme

MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI

MFSA 2009-15: URL spoofing with box drawing character

MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

References

Bugtraq ID 34656
CVE Name CVE-2009-1302
CVE Name CVE-2009-1303
CVE Name CVE-2009-1304
CVE Name CVE-2009-1305
CVE Name CVE-2009-1306
CVE Name CVE-2009-1307
CVE Name CVE-2009-1308
CVE Name CVE-2009-1309
CVE Name CVE-2009-1310
CVE Name CVE-2009-1311
CVE Name CVE-2009-1312
URL http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
URL http://www.mozilla.org/security/announce/2009/mfsa2009-22.html