mozilla -- multiple vulnerabilities

Description:

The Mozilla Project reports:

MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled

MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images

MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()

MFSA 2011-23 Multiple dangling pointer vulnerabilities

MFSA 2011-24 Cookie isolation error

MFSA 2011-25 Stealing of cross-domain images using WebGL textures

MFSA 2011-26 Multiple WebGL crashes

MFSA 2011-27 XSS encoding hazard with inline SVG

MFSA 2011-28 Non-whitelisted site can trigger xpinstall

References:

• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-19.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-20.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-21.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-22.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-23.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-24.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-25.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-26.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-27.html>
• URL: <http://www.mozilla.org/security/announce/2011/mfsa2011-28.html>

Affects:

• firefox >3.5.*,1 <3.5.20,1
• firefox >3.6.*,1 <3.6.18,1
• firefox >4.0.*,1 <5.0,1
• linux-firefox <3.6.18,1
• thunderbird <3.1.11
• linux-thunderbird <3.1.11

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.