mozilla -- multiple vulnerabilities

Description:

The Mozilla Project reports:

MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)

MFSA 2010-50 Frameset integer overflow vulnerability

MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array

MFSA 2010-52 Windows XP DLL loading vulnerability

MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText

MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection

MFSA 2010-55 XUL tree removal crash and remote code execution

MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-57 Crash and remote code execution in normalizeDocument

MFSA 2010-58 Crash on Mac using fuzzed font in data: URL

MFSA 2010-59 SJOW creates scope chains ending in outer object

MFSA 2010-60 XSS using SJOW scripted function

MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute

MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS

MFSA 2010-63 Information leak via XMLHttpRequest statusText

References:

• CVE name CVE-2010-2762
• CVE name CVE-2010-2763
• CVE name CVE-2010-2764
• CVE name CVE-2010-2765
• CVE name CVE-2010-2766
• CVE name CVE-2010-2767
• CVE name CVE-2010-2768
• CVE name CVE-2010-2769
• CVE name CVE-2010-2770
• CVE name CVE-2010-2760
• CVE name CVE-2010-3131
• CVE name CVE-2010-3166
• CVE name CVE-2010-3167
• CVE name CVE-2010-3168
• CVE name CVE-2010-3169
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-49.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-50.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-51.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-52.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-53.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-54.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-55.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-56.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-57.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-58.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-59.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-60.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-61.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-62.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-63.html>

Affects:

• firefox >3.6.*,1 <3.6.9,1
• firefox >3.5.*,1 <3.5.12,1
• libxul >1.9.2.* <1.9.2.9
• linux-firefox <3.6.9,1
• linux-firefox-devel <3.5.12
• seamonkey >2.0.* <2.0.7
• thunderbird >=3.0 <3.0.7
• thunderbird >=3.1 <3.1.3

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.