FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
		firefox	<	1.5.0.7,1
2.*,1	<	firefox	<	2.0_1,1
		linux-firefox	<	1.5.0.7
		linux-seamonkey	<	1.0.5
		seamonkey	<	1.0.5
		linux-thunderbird	<	1.5.0.7
		mozilla-thunderbird	<	1.5.0.7
		thunderbird	<	1.5.0.7
		linux-firefox-devel	<	3.0.a2006.09.21
		linux-seamonkey-devel	<	1.5.a2006.09.21
0	<	linux-mozilla
0	<	linux-mozilla-devel
0	<	mozilla

Details

VuXML ID	e6296105-449b-11db-ba89-000c6ec775d9
Discovery	2006-09-14
Entry	2006-09-15
Modified	2006-11-02

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)

MFSA 2006-63 JavaScript execution in mail via XBL

MFSA 2006-62 Popup-blocker cross-site scripting (XSS)

MFSA 2006-61 Frame spoofing using document.open()

MFSA 2006-60 RSA Signature Forgery

MFSA 2006-59 Concurrency-related vulnerability

MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing

MFSA 2006-57 JavaScript Regular Expression Heap Corruption

[source]

References

Bugtraq ID	20042
CVE Name	CVE-2006-4253
CVE Name	CVE-2006-4340
CVE Name	CVE-2006-4565
CVE Name	CVE-2006-4566
CVE Name	CVE-2006-4567
CVE Name	CVE-2006-4568
CVE Name	CVE-2006-4569
CVE Name	CVE-2006-4570
CVE Name	CVE-2006-4571
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-58.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
URL	http://www.mozilla.org/security/announce/2006/mfsa2006-64.html