RETIRED: Mozilla Multiple Products March 30, 2010 Remote Vulnerabilities

The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run arbitrary script code with elevated privileges.

Other attacks may also be possible.

These issues are fixed in:

- Mozilla Firefox 3.0.19, 3.5.9, and 3.6.2
- Mozilla Thunderbird 3.04
- Mozilla SeaMonkey 2.0.4

The following individual records exist to better document the issues:

39125 Mozilla Firefox CVE-2010-0173 Multiple Remote Memory Corruption Vulnerabilities
39122 Mozilla Firefox CVE-2010-0174 Multiple Remote Memory Corruption Vulnerabilities
39123 Mozilla Firefox/Thunderbird/SeaMonkey XUL Tree Item Remote Code Execution Vulnerability
39128 Mozilla Firefox/Thunderbird/SeaMonkey 'optgroup' XUL Tree Remote Code Execution Vulnerability
39133 Mozilla Firefox and SeaMonkey 'window.navigator.plugins' Object Remote Code Execution Vulnerability
39137 Mozilla Firefox and SeaMonkey URI drag-and-drop Chrome Privilege Escalation Vulnerability
39124 Mozilla Firefox And SeaMonkey 'XMLHttpRequestSpy' Arbitrary Code Execution Vulnerability


Privacy Statement
Copyright 2010, SecurityFocus