Multiple Mozilla/Firefox/Thunderbird Vulnerabilities

BID:12407

Info

Multiple Mozilla/Firefox/Thunderbird Vulnerabilities

Bugtraq ID: 12407
Class: Unknown
CVE: CVE-2005-0141
CVE-2005-0143
CVE-2005-0144
CVE-2005-0145
CVE-2005-0146
CVE-2005-0147
CVE-2005-0148
CVE-2005-0149
CVE-2005-0150
Remote: Yes
Local: No
Published: Jan 31 2005 12:00AM
Updated: Jan 25 2007 04:21PM
Credit: Omar Khan <[email protected]>, Michiel van Leeuwen (email: mvl+moz@) <[email protected]>, Tom Braun <[email protected]>, Christopher Nebergall <[email protected]>, Jesse Ruderman <[email protected]>, and Kohei Yoshino <[email protected]> are cre
Vulnerable: SGI ProPack 3.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
Redhat Linux 9.0 i386
Redhat Linux 7.3 i686
Redhat Linux 7.3 i386
Redhat Linux 7.3
Redhat Fedora Core3
Redhat Fedora Core2
Redhat Fedora Core1
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Redhat Desktop 3.0
Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
Redhat Advanced Workstation for the Itanium Processor 2.1
Netscape Netscape 7.2
Netscape Netscape 7.1
Netscape Netscape 7.0
Mozilla Thunderbird 0.9
Mozilla Thunderbird 0.8
Mozilla Thunderbird 0.7.3
Mozilla Thunderbird 0.7.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Thunderbird 0.6
Mozilla Firefox 0.10.1
Mozilla Firefox 0.10
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.8
Mozilla Firefox Preview Release
Mozilla Firebird 0.7
Mozilla Firebird 0.6.1
Mozilla Firebird 0.5
Mozilla Browser 1.7.6
+ HP HP-UX B.11.23
 + HP HP-UX B.11.23
 + HP HP-UX B.11.22
 + HP HP-UX B.11.22
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.00
 + HP HP-UX B.11.00
 + Redhat Desktop 4.0
+ Redhat Desktop 4.0
+ Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux WS 4
 + Redhat Enterprise Linux WS 4
 + Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
 + Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0
Mozilla Browser 1.7.4
Mozilla Browser 1.7.3
+ HP HP-UX B.11.23
 + HP HP-UX B.11.22
 + HP HP-UX B.11.22
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.11
 + HP HP-UX B.11.00
 + HP HP-UX B.11.00
 + HP Tru64 5.1 B-2 PK4 (BL25)
 + HP Tru64 5.1 B-2 PK4 (BL25)
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6
 + HP Tru64 5.1 A PK6
 Mozilla Browser 1.7.2
Mozilla Browser 1.7.1
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7 rc2
Mozilla Browser 1.7 rc1
Mozilla Browser 1.7 beta
Mozilla Browser 1.7 alpha
Mozilla Browser 1.7
Mozilla Browser 1.6
Mozilla Browser 1.5.1
Mozilla Browser 1.5
Mozilla Browser 1.4.4
Mozilla Browser 1.4.2
Mozilla Browser 1.4.1
Mozilla Browser 1.4 b
Mozilla Browser 1.4 a
Mozilla Browser 1.4
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
Mozilla Browser 1.3.1
Mozilla Browser 1.3
Mozilla Browser 1.2.1
Mozilla Browser 1.2 Beta
Mozilla Browser 1.2 Alpha
Mozilla Browser 1.2
Mozilla Browser 1.1 Beta
Mozilla Browser 1.1 Alpha
Mozilla Browser 1.1
Mozilla Browser 1.0.2
Mozilla Browser 1.0.1
Mozilla Browser 1.0 RC2
Mozilla Browser 1.0 RC1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
Mozilla Browser 1.0
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Redhat Linux 8.0 i386
 + Redhat Linux 8.0
Mozilla Browser 0.9.48
Mozilla Browser 0.9.35
Mozilla Browser 0.9.9
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
+ Redhat Linux 7.3 i386
 + Redhat Linux 7.3
+ Redhat Linux 7.2 i686
 + Redhat Linux 7.2 i586
 + Redhat Linux 7.2 i386
 + Redhat Linux 7.2
Mozilla Browser 0.9.8
- Apple Mac OS 9 9.2.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows XP 0
 Mozilla Browser 0.9.7
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows XP 0
 Mozilla Browser 0.9.6
Mozilla Browser 0.9.5
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows XP 0
 Mozilla Browser 0.9.4 .1
Mozilla Browser 0.9.4
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows XP 0
 Mozilla Browser 0.9.3
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows XP 0
 Mozilla Browser 0.9.2 .1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows XP 0
 Mozilla Browser 0.9.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 - Microsoft Windows XP 0
 Mozilla Browser 0.8
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Not Vulnerable: Netscape Netscape 8.0
Mozilla Thunderbird 1.0
Mozilla Firefox 1.0
+ Gentoo Linux
+ Gentoo Linux
+ S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ Slackware Linux 10.1
+ Slackware Linux 10.0
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.1
+ Slackware Linux -current
 + Slackware Linux -current
 Mozilla Browser 1.7.5
+ HP Tru64 5.1 B-2 PK4 (BL25)
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B-2 PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 B PK4
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6 (BL24)
 + HP Tru64 5.1 A PK6
 + HP Tru64 5.1 A PK6

Discussion

Multiple Mozilla/Firefox/Thunderbird Vulnerabilities

Mozilla, Firefox, and Thunderbird applications are reported prone to multiple vulnerabilities. The following specific issues are reported:

- Access-control bypass (Mozilla and Firefox browsers). Although unconfirmed, this vulnerability presumably may be exploited to access information pertaining to a target filesystem. For example, an attacker may be able to determine whether a file exists or not.

This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.

- Status-bar misrepresentation (Mozilla and Firefox browsers). A remote attacker may exploit this vulnerability to aid in phishing-style attacks (e.g. to make a malicious site appear authentic).

This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.

- Additional status-bar misrepresentation (Mozilla and Firefox browsers). Using JavaScript to automate the process, a remote attacker may exploit this vulnerability to aid in phishing-style attacks (e.g. to make a malicious site appear authentic).

This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.

- Mozilla and Firefox browsers provide functionality (Alt-Click) to download files that are linked by URIs to the default download location without requiring a user prompt. Reports indicate that a malicious site may exploit this functionality to download a file to the default download location without user interaction.

This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0.

- Clipboard information-disclosure vulnerability (Mozilla and Firefox browsers). A remote attacker may exploit this vulnerability to steal clipboard contents, which may reveal potentially sensitive information to a remote attacker.

This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.

- Additional information-disclosure vulnerability (Mozilla and Firefox browsers). A remote malicious server may invoke a request against a vulnerable browser and the browser will respond with proxy-authentication credentials.

This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.

- Mozilla Thunderbird erroneously responds to cookie requests that are contained in HTML-based email. Reportedly, a remote attacker may exploit this vulnerability to track emails to victim users.

This vulnerability is reported to affect Thunderbird versions 0.6 to 0.9 and Mozilla Suite 1.7 to 1.7.3.

- Local code-execution vulnerability (Mozilla Firefox). The vulnerability exists in the Livefeed bookmark functionality. If, for example, 'about:config' is displayed when the Livefeed is updated, then arbitrary code execution may reportedly occur on the affected computer.

This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0.

- Mozilla Thunderbird reportedly fails to handle 'javascript:' URI links. The affected application employs the default handler for 'javascript:' URIs that is registered on the host operating system. This is incorrect behavior and may result in exposure to latent vulnerabilities due to a false sense of security.

This vulnerability is reported to affect Mozilla Thunderbird versions prior to 0.9.

This BID will be separated into individual BIDs as soon as further research into each of the vulnerabilities is completed.

Exploit / POC

Multiple Mozilla/Firefox/Thunderbird Vulnerabilities

Proof-of-concept exploits to trigger these vulnerabilities can be found in the referenced Bugzilla entries associated with each of the issues.

Solution / Fix

Multiple Mozilla/Firefox/Thunderbird Vulnerabilities

Solution:
The vendor has released upgrades dealing with these issues.

Please see the referenced advisories for further information.


Redhat Fedora Core2

Mozilla Firefox 0.10

Mozilla Thunderbird 0.7.2

Mozilla Thunderbird 0.7.3

Mozilla Firefox 0.8

Mozilla Thunderbird 0.8

Mozilla Firefox 0.9

Mozilla Thunderbird 0.9

Mozilla Firefox 0.9.1

Mozilla Firefox 0.9.2

Mozilla Firefox 0.9.3

Mozilla Browser 0.9.9

Mozilla Browser 1.0

Mozilla Browser 1.0.1

Mozilla Browser 1.1

Mozilla Browser 1.2

Mozilla Browser 1.2.1

Mozilla Browser 1.4

Mozilla Browser 1.4 a

Mozilla Browser 1.4.1

Mozilla Browser 1.4.2

Mozilla Browser 1.5

Mozilla Browser 1.5.1

Mozilla Browser 1.7 rc1

Mozilla Browser 1.7

Mozilla Browser 1.7 rc2

Mozilla Browser 1.7.1

Mozilla Browser 1.7.2

Mozilla Browser 1.7.3

S.u.S.E. Linux Professional 10.0

Netscape Netscape 7.0

Netscape Netscape 7.1

Netscape Netscape 7.2

S.u.S.E. Linux Professional 9.1

S.u.S.E. Linux Professional 9.3

References

Multiple Mozilla/Firefox/Thunderbird Vulnerabilities

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report