Mozilla Products Multiple Vulnerabilities

Last Update Date: 12 Oct 2012 Release Date: 11 Oct 2012

RISK: High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities have been reported in Mozilla Firefox, SeaMonkey and Thunderbird. A remote user can cause arbitrary code to be executed on the target user's system, inject scripting code, and spoof portions of the page.

  1. A remote user can create specially crafted content that, when loaded by the target user, will trigger a memory corruption error, use-after-free memory error, buffer overflow, access control error, or other flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.
  2. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will run in the security context of an arbitrary site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
  3. A remote user can exploit a flaw in the processing of <select> elements to spoof portions of a page.
  4. A remote user can create specially crafted HTML that, when loaded by the target user, will access recently visited URLs and URL parameters. Only version 16.0 is affected.

Impact

  • Remote Code Execution
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • Mozilla Firefox versions prior to 16.0.1
  • Mozilla SeaMonkey versions prior to 2.13
  • Mozilla Thunderbird versions prior to ESR 10.0.8, 16.0.1

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix for Mozilla Firefox (ESR 10.0.8; 16.0.1).
  • The vendor has issued a fix for Mozilla SeaMonkey (2.13).
  • The vendor has issued a fix for Mozilla Thunderbird (ESR 10.0.8; 16.0.1).

Vulnerability Identifier


Source


Related Link