
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities

Last Update Date: 15 Mar 2012 15:01
Release Date: 15 Mar 2012

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities have been identified in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.

  1. Use-after-free errors exist within shlwapi.dll when closing a child window that uses the file open dialog, and within the "nsSMILTimeValueSpec::ConvertBetweenTimeContainers()" function when handling certain SVG animations.
  2. Errors when handling certain drag-and-drop actions and Content Security Policy headers can be exploited to conduct cross-site scripting attacks.
  3. An out-of-bounds read error in SVG filters can be exploited to disclose certain data.
  4. An error when handling a "javascript:" home page can be exploited to execute script code in the "about:sessionrestore" context.
  5. An unspecified error exists when accessing a keyframe's cssText after dynamic modification.
  6. The window.fullScreen property does not properly enforce the mozRequestFullscreen policy, which can be exploited to bypass the policy and spoof certain content.
  7. Multiple unspecified errors can be exploited to corrupt memory.

Successful exploitation of vulnerabilities 1, 4, 5 and 7 may allow execution of arbitrary code.


Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Mozilla Firefox 3.6.x / 10.x
  • Mozilla Thunderbird 3.1.x / 10.x
  • Mozilla SeaMonkey 2.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to Firefox versions 11.0 or 10.0.3, Thunderbird versions 11.0 or 10.0.3, and SeaMonkey version 2.8.
  • Update to Firefox version 3.6.28 and Thunderbird version 3.1.20.
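As an added example (not part of this advisory and not Mozilla's own tooling), the following Python checks an inventory of installed builds against the fixed versions listed above. The fixed-version table is taken from the Solutions list; the host names, product names and version strings are constructed sample data, and a build on a branch the advisory does not name is reported as "not_listed" rather than guessed at.

```python
# Added example: classify installed Mozilla builds against the fixed versions
# named in this advisory. Inventory rows below are constructed sample data.
import re
from typing import Dict, List, Tuple

# First fixed version on each affected release branch, per the advisory's
# Solutions section. Key: (product, branch prefix) -> first fixed version.
FIXED: Dict[Tuple[str, Tuple[int, ...]], Tuple[int, ...]] = {
    ("firefox", (3, 6)): (3, 6, 28),
    ("firefox", (10,)): (10, 0, 3),
    ("firefox", (11,)): (11, 0),
    ("thunderbird", (3, 1)): (3, 1, 20),
    ("thunderbird", (10,)): (10, 0, 3),
    ("thunderbird", (11,)): (11, 0),
    ("seamonkey", (2,)): (2, 8),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'10.0.3esr' -> (10, 0, 3). Trailing tags (esr, b2, pre) are dropped and
    the tuple is padded to three fields so '11' compares equal to '11.0.0'."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def assess(product: str, version_text: str) -> str:
    """Return 'vulnerable', 'fixed', or 'not_listed' (branch not in advisory)."""
    version = parse_version(version_text)
    # Keep the most specific branch prefix that matches the installed version.
    matches = [(branch, fixed) for (prod, branch), fixed in FIXED.items()
               if prod == product.lower() and version[:len(branch)] == branch]
    if not matches:
        return "not_listed"
    _, fixed = max(matches, key=lambda m: len(m[0]))
    # Tuple comparison does the work: (10, 0, 2) < (10, 0, 3); (11, 0, 0) >= (11, 0).
    return "fixed" if version >= fixed else "vulnerable"


def assess_inventory(rows: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """rows are (host, product, version) triples; returns host -> status."""
    return {host: assess(product, ver) for host, product, ver in rows}


if __name__ == "__main__":
    sample = [("ws01", "Firefox", "10.0.2"), ("ws02", "Firefox", "10.0.3esr"),
              ("mail1", "Thunderbird", "3.1.19"), ("ws03", "SeaMonkey", "2.7.2"),
              ("ws04", "Firefox", "9.0.1")]  # constructed hosts, not real ones
    for host, status in assess_inventory(sample).items():
        print(f"{host}: {status}")
```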
