VuXML: mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program.

MFSA 2006-29 Spoofing with translucent windows

MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented

MFSA 2006-26 Mail Multiple Information Disclosure

MFSA 2006-25 Privilege escalation through Print Preview

MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest

MFSA 2006-23 File stealing by changing input type

MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability

MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)

MFSA 2006-19 Cross-site scripting using .valueOf.call()

MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability

MFSA 2006-17 cross-site scripting through window.controllers

MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()

MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent

MFSA 2006-14 Privilege escalation via XBL.method.eval

MFSA 2006-13 Downloading executables with "Save Image As..."

MFSA 2006-12 Secure-site spoof (requires security warning dialog)

MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)

MFSA 2006-10 JavaScript garbage-collection hazard audit

MFSA 2006-09 Cross-site JavaScript injection using event handlers

[source]

CERT/CC Vulnerability Note	179014
CERT/CC Vulnerability Note	252324
CERT/CC Vulnerability Note	329500
CERT/CC Vulnerability Note	350262
CERT/CC Vulnerability Note	488774
CERT/CC Vulnerability Note	736934
CERT/CC Vulnerability Note	813230
CERT/CC Vulnerability Note	842094
CERT/CC Vulnerability Note	932734
CERT/CC Vulnerability Note	935556
CERT/CC Vulnerability Note	968814
CVE Name	CVE-2006-0749
CVE Name	CVE-2006-1045
CVE Name	CVE-2006-1529
CVE Name	CVE-2006-1530
CVE Name	CVE-2006-1531
CVE Name	CVE-2006-1723
CVE Name	CVE-2006-1724
CVE Name	CVE-2006-1725
CVE Name	CVE-2006-1726
CVE Name	CVE-2006-1727
CVE Name	CVE-2006-1728
CVE Name	CVE-2006-1729
CVE Name	CVE-2006-1730
CVE Name	CVE-2006-1731
CVE Name	CVE-2006-1732
CVE Name	CVE-2006-1733
CVE Name	CVE-2006-1734
CVE Name	CVE-2006-1735
CVE Name	CVE-2006-1736
CVE Name	CVE-2006-1737
CVE Name	CVE-2006-1738
CVE Name	CVE-2006-1739
CVE Name	CVE-2006-1740
CVE Name	CVE-2006-1741
CVE Name	CVE-2006-1742
CVE Name	CVE-2006-1790
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-26.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-29.html
URL	http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
US-CERT Technical Cyber Security Alert	TA06-107A

mozilla -- multiple vulnerabilities

Details

References