FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
		firefox	<	2.0.0.5,1
3.*,1	<	firefox	<	3.0.a2_3,1
		linux-firefox	<	2.0.0.5
		linux-thunderbird	<	2.0.0.5
		mozilla-thunderbird	<	2.0.0.5
		thunderbird	<	2.0.0.5
		linux-seamonkey	<	1.1.3
		seamonkey	<	1.1.3
		linux-firefox-devel	<	3.0.a2007.12.12
		linux-seamonkey-devel	<	2.0.a2007.12.12
0	<	firefox-ja
0	<	linux-mozilla
0	<	linux-mozilla-devel
0	<	mozilla

Details

VuXML ID	e190ca65-3636-11dc-a697-000c6ec775d9
Discovery	2007-07-17
Entry	2007-07-19
Modified	2008-06-21

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

MFSA 2007-25 XPCNativeWrapper pollution

MFSA 2007-24 Unauthorized access to wyciwyg:// documents

MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document

MFSA 2007-20 Frame spoofing while window is loading

MFSA 2007-19 XSS using addEventListener and setTimeout

MFSA 2007-18 Crashes with evidence of memory corruption

[source]

References

CVE Name	CVE-2007-3089
CVE Name	CVE-2007-3734
CVE Name	CVE-2007-3735
CVE Name	CVE-2007-3737
CVE Name	CVE-2007-3738
URL	http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5
URL	http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
URL	http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
URL	http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
URL	http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
URL	http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
URL	http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
US-CERT Technical Cyber Security Alert	TA07-199A