Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird, which could be exploited by attackers to take complete control of an affected system or bypass security restrictions.
The first issue is due to memory corruption errors in the layout and JavaScript engines, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The second flaw is due to a buffer overflow error when using the CSS cursor property to set the cursor to certain images on Windows, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The third vulnerability is due to an error when handling the JavaScript "watch()" function, which could be exploited by attackers to compromise a vulnerable system.
The fourth issue is due to a memory corruption error in LiveConnect, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The fifth flaw is due to an error when handling the "src" attribute of an "IMG" element loaded in a frame, which could be exploited to conduct cross site scripting attacks.
The sixth vulnerability is due to a memory corruption error when appending an SVG comment DOM node from one document into another type of document (e.g. HTML), which could be exploited by attackers to compromise a vulnerable system.
The seventh issue is due to a buffer overflow error when processing emails with an overly long "Content-Type" or "rfc2047-encoded" header, which could be exploited by attackers to crash a vulnerable application or execute arbitrary commands.
The eighth issue is due to an error in the "Feed Preview" feature, which could be exploited by attackers to disclose certain information.
The ninth vulnerability is due to a Function prototype regression, which could be exploited to bypass security restrictions and conduct cross site scripting attacks.
The tenth issue is due to a memory corruption error in the "js_dtoa()" function when reducing the CPU's floating point precision (e.g. when loading a plugin creating a Direct3D device on Windows).
Credits
Vulnerabilities reported by Frederik Reiss, shutdown, Steven Michaud, moz_bug_r_a4, Zero Day Initiative, Georgi Guninski, David Bienvenu, and Jared Breland.
ChangeLog
2006-12-19 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
