Wednesday, July 21, 2010

New Updates For Mozilla Products

Mozilla has released security bulletins related to found issues in some of their products. Eight of the fixed vulnerabilities are categorized as critical, two as high and other four as moderate.

Critical:
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-36 Use-after-free error in NodeIterator
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

MFSA 2010-39 nsCSSValue::Array index integer overflow
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-41 Remote code execution using malformed PNG image
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

High:
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-43 Same-origin bypass using canvas context
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

Moderate:
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

MFSA 2010-45 Multiple location bar spoofing vulnerabilities
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-46 Cross-domain data theft using CSS
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-47 Cross-origin data leakage from script filename in error messages
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

No comments: