Mozilla Suite Multiple Remote Vulnerabilities

Multiple remote vulnerabilities affect Mozilla Suite, Firefox, and Thunderbird, as reported in several Mozilla Foundation Security Advisories:

- 2005-28: An issue affecting the plugin functionality; temporary directories are created in an insecure manner.
- 2005-22: A dialog-spoofing vulnerability.
- 2005-21: A '.lnk' link file arbitrary file-overwrite vulnerability.
- 2005-20: An XSLT stylesheet information-disclosure vulnerability.
- 2005-19: An information-disclosure issue affecting the form auto-complete functionality.
- 2005-18: A buffer-overflow vulnerability.
- 2005-17: A dialog-spoofing vulnerability affecting installation confirmation.
- 2005-15: A heap-overflow vulnerability in UTF8 encoding.
- 2005-15: Multiple spoofing vulnerabilities affecting the SSL 'secure site' lock icon.

An attacker may leverage these issues to spoof dialog boxes and SSL 'secure site' icons, to carry out symbolic-link attacks, to execute arbitrary code, and to access potentially sensitive information.

Please note that this BID will be separated into individual BIDs as soon as further research into each of the vulnerabilities is completed, at which time this 'umbrella' BID will be retired.


Privacy Statement
Copyright 2010, SecurityFocus