Mozilla Products Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 17 Dec 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Mozilla Firefox, SeaMonkey and Thunderbird which could be exploited by attackers to manipulate or disclose certain data, bypass security restrictions or compromise a vulnerable system.

1. Memory corruption errors in the JavaScript and browser engines when parsing malformed data, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.

2. Memory corruption errors in liboggplay when processing malformed audio and video data, which could be exploited to crash a vulnerable browser or execute arbitrary code.

3. Integer overflow and input validation errors in the Theora video library (libtheora) when processing malformed data, which could be exploited to crash a vulnerable browser or execute arbitrary code.

4. An error in the NTLM implementation, which could allow reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application via the browser.

5. Errors when processing the "document.location" property, which could allow attackers to spoof the URL in the location bar or display the SSL indicator near the location bar while visiting an insecure web page.

6. An error when handling the "window.opener" property, which could allow attackers to execute arbitrary JavaScript code with chrome privileges.

7. "GeckoActiveXObject" generates different exception messages based on whether or not the requested COM object's ProgID is present in the system registry, which could allow attackers to enumerate a list of COM objects installed on a system.


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Mozilla Firefox versions prior to 3.5.6
  • Mozilla Firefox versions prior to 3.0.16
  • Mozilla SeaMonkey versions prior to 2.0.1
  • Mozilla Thunderbird versions 3.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Upgrade to Mozilla Firefox version 3.5.6 or 3.0.16:
http://www.mozilla.com/firefox/

Upgrade to Mozilla SeaMonkey version 2.0.1:
http://www.mozilla.org/projects/seamonkey/

Mozilla Thunderbird versions 3.x:
There is no patch available for this vulnerability currently.
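
The affected and fixed versions above can be checked against a software inventory with a branch-aware comparison, so that Firefox 3.0.16 is not flagged merely because it is numerically below 3.5.6. This is an added example, not part of the original advisory; the function names, status labels and inventory rows are constructed, and comparing each install against the fix for its own major.minor branch is an assumption.

```python
import re

# Fixed releases per branch, from the advisory's Solutions section.
FIXED = {
    "firefox": {(3, 0): (3, 0, 16), (3, 5): (3, 5, 6)},
    "seamonkey": {(2, 0): (2, 0, 1)},
}

def parse_version(text):
    """Parse the leading dotted number of a version string into an int tuple."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # pad "3.5" to (3, 5, 0)
    return tuple(parts)

def classify(product, version):
    """Return AFFECTED, AFFECTED_NO_PATCH or NOT_LISTED for one install."""
    product = product.strip().lower()
    ver = parse_version(version)
    if product == "thunderbird":
        # The advisory lists Thunderbird 3.x with no patch available.
        return "AFFECTED_NO_PATCH" if ver[0] == 3 else "NOT_LISTED"
    branches = FIXED.get(product)
    if branches is None:
        return "NOT_LISTED"
    # Assumption: compare against the fix for the install's own major.minor
    # branch; outside the listed branches, fall back to the newest fix.
    fix = branches.get(ver[:2], max(branches.values()))
    return "AFFECTED" if ver < fix else "NOT_LISTED"

# Constructed inventory rows (host, product, version) for illustration.
INVENTORY = [
    ("ws-01", "Firefox", "3.5.5"),
    ("ws-02", "Firefox", "3.0.16"),
    ("ws-03", "Firefox", "3.0.15"),
    ("ws-04", "SeaMonkey", "2.0"),
    ("ws-05", "Thunderbird", "3.0"),
]

def triage(inventory):
    """Map each host to its status so patching can be prioritised."""
    return {host: classify(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

NOT_LISTED means only that the install falls outside the version ranges this advisory names.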


Vulnerability Identifier


Source


Related Link