RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities
BID:38918
Info
RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities
| Bugtraq ID: | 38918 |
| Class: | Unknown |
| CVE: |
CVE-2010-0168 CVE-2010-0171 CVE-2010-0167 CVE-2010-0166 CVE-2010-0165 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2010 12:00AM |
| Updated: | Mar 24 2010 09:03PM |
| Credit: | regenrecht, Blake Kaplan, Mozilla developers and community, moz_bug_r_a4, Josh Soref of Nokia, Wladimir Palant, Justin Dolske |
| Vulnerable: |
Mozilla Thunderbird 3.0.1 Mozilla Thunderbird 3.0 Mozilla SeaMonkey 2.0.2 Mozilla SeaMonkey 2.0.1 Mozilla SeaMonkey 2.0 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.0.17 Mozilla Firefox 3.0.16 Mozilla Firefox 3.0.15 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Beta Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 3.6 Mozilla Firefox 3.0 |
| Not Vulnerable: |
Mozilla Thunderbird 3.0.2 Mozilla SeaMonkey 2.0.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.5.8 Mozilla Firefox 3.0.18 |
Discussion
RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities
The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox, Thunderbird and SeaMonkey.
This BID is being retired; the following individual records now document these issues:
38919 Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability
38920 Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability
38921 Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability
38922 Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability
38927 Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability
38939 Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability
38943 Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
38944 Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities
38946 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Cross Domain Scripting Vulnerabilities
The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox, Thunderbird and SeaMonkey.
This BID is being retired; the following individual records now document these issues:
38919 Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability
38920 Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability
38921 Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability
38922 Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability
38927 Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability
38939 Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability
38943 Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
38944 Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities
38946 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Cross Domain Scripting Vulnerabilities
Solution / Fix
RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities
References:
References:
- Fixed in Firefox 3.6.2 (Mozilla Foundation)
- MFSA 2010-09 - Deleted frame reuse in multipart/x-mixed-replace image (Mozilla Foundation)
- MFSA 2010-10 - XSS via plugins and unprotected Location object (Mozilla Foundation)
- MFSA 2010-11 - Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ (Mozilla Foundation)
- MFSA 2010-12 - XSS using addEventListener and setTimeout on a wrapped object (Mozilla Foundation)
- MFSA 2010-13 - Content policy bypass with image preloading (Mozilla Foundation)
- MFSA 2010-14 - Browser chrome defacement via cached XUL stylesheets (Mozilla Foundation)
- MFSA 2010-15 - Asynchronous Auth Prompt attaches to wrong window (Mozilla Foundation)