mozilla -- multiple vulnerabilities

Description:

The Mozilla Project reports:

MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability

MFSA 2010-36 Use-after-free error in NodeIterator

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability

MFSA 2010-38 Arbitrary code execution using SJOW and fast native function

MFSA 2010-39 nsCSSValue::Array index integer overflow

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability

MFSA 2010-41 Remote code execution using malformed PNG image

MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts

MFSA 2010-43 Same-origin bypass using canvas context

MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish

MFSA 2010-45 Multiple location bar spoofing vulnerabilities

MFSA 2010-46 Cross-domain data theft using CSS

MFSA 2010-47 Cross-origin data leakage from script filename in error messages

References:

• CVE name CVE-2010-0654
• CVE name CVE-2010-1205
• CVE name CVE-2010-1206
• CVE name CVE-2010-1207
• CVE name CVE-2010-1208
• CVE name CVE-2010-1209
• CVE name CVE-2010-1210
• CVE name CVE-2010-1211
• CVE name CVE-2010-1212
• CVE name CVE-2010-1213
• CVE name CVE-2010-1214
• CVE name CVE-2010-1215
• CVE name CVE-2010-2751
• CVE name CVE-2010-2752
• CVE name CVE-2010-2753
• CVE name CVE-2010-2754
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-34.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-35.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-36.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-37.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-38.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-39.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-40.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-41.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-42.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-43.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-44.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-45.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-46.html>
• URL: <http://www.mozilla.org/security/announce/2010/mfsa2010-47.html>

Affects:

• firefox >3.6.*,1 <3.6.7,1
• firefox >3.5.*,1 <3.5.11,1
• linux-firefox <3.6.7,1
• linux-firefox-devel <3.5.11
• seamonkey >2.0.* <2.0.6
• thunderbird >=3.0 <3.0.6

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.