Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities

Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities

References:

Bug 413085 - 'ASSERTION: SetMayHaveFrame failed' and crash [@ nsCSSFrameConstr (Mozilla)
Bug 442227 - Crash [@ nsFrameManager::GetPrimaryFrameFor] with mathml, DOMAttr (Mozilla)
Bug 445177 - Crash [@ nsContentUtils::ComparePosition(nsINode*, nsINode*) ] wi (Mozilla)
Bug 461861 - Set aside the frame chain when firing synchronous events (Mozilla)
Bug 463350 - Crash [@ GetLastSpecialSibling] with -moz-column, fieldset, selec (Mozilla)
Bug 466763 - Crash [@ nsCSSFrameConstructor::ConstructFrame] with RTL, floatin (Mozilla)
Bug 468211 - Crash [@ nsCSSFrameConstructor::AdjustParentFrame] with DOMAttrMo (Mozilla)
Bug 472668 - Crash [@ nsFrame::GetBoxAscent] with binding, observes and DOMAtt (Mozilla)
Bug 472950 - 'ASSERTION: child list is not empty for initial reflow' with :fir (Mozilla)
Bug 491134 - nsDOMOfflineResourceList uses its own (unsafe) way to dispatch ev (Mozilla)
Thunderbird Homepage (Mozilla)
Vendor Homepage (Mozilla Foundation)
265068 Firefox (Sun)
Mozilla Foundation Security Advisory 2009-34 (Mozilla)
RHSA-2010:0153 thunderbird security update (Red Hat)
RHSA-2010:0154 thunderbird security update (Red Hat)

Privacy Statement
Copyright 2010, SecurityFocus