Technical Description
Multiple
vulnerabilitieshave been identified in Mozilla Firefox, SeaMonkey, and Thunderbird,which may be exploited by remote attackers to take complete control ofan affected system, bypass security restrictions, or disclose sensitiveinformation.
The first issue is due to an error where JavaScript references to"frame" or "window" objects are not properly cleared when thereferenced content is deleted, which could be exploited by attackers toexecute arbitrary commands via a malicious web page or email.
The second vulnerability is due to an error when assigning speciallycrafted values to the "window.navigator" object, which could beexploited by attackers to compromise a vulnerable system by tricking auser into visiting a malicious web page.
The third flaw is due to a memory corruption error when handlingsimultaneous XPCOM events, which could be exploited by attackers toexecute arbitrary commands via a malicious web page or email.
The fourth flaw is due to an error when accessing native DOM methods,which could be exploited by remote attackers to gain unauthorizedaccess to sensitive data (e.g. cookies).
The fifth issue is due to an error when deleting temporary variablesbeing used in the creation of new Function objects, which could beexploited by attackers to compromise a vulnerable system via amalicious web page or email message.
The sixth vulnerability is due to a heap overflow error when processinga VCard attachment containing a malformed base64 field (e.g. photo),which could be exploited by attackers to execute arbitrary commands.
The seventh issue is due to an error when deleting temporary objects,which could be exploited by attackers to compromise a vulnerable systemvia a malicious web page or email message.
The eighth vulnerability is due to integer overflow errors whenprocessing overly long strings passed to the "toSource()" methods,which could be exploited by attackers to execute arbitrary commands.
The ninth flaw is due to an error in the "Object()" constructor, whichcould be exploited by attackers to compromise a vulnerable system via amalicious web page or email message.
The tenth issue is due to a privilege escalation error when handlingspecially crafted Proxy AutoConfig (PAC) scripts, which could beexploited by remote attackers to bypass security restrictions.
The eleventh flaw is due to errors in the "UniversalBrowserRead" and"UniversalBrowserWrite" permissions, which could be exploited bymalicious scripts to obtain elevated privileges and install arbitraryprograms on a vulnerable system.
The twelfth vulnerability is due to an error when processing speciallycrafted "XPCNativeWrapper" objects, which could be exploited bymalicious people to conduct cross site scripting attacks.
The thirteenth flaw is due to various memory corruption errors, whichcould be exploited by malicious people to compromise a vulnerablesystem via a malicious web page.
The fourteenth issue is due to an error when handling chrome URLs,which could be exploited by malicious people to execute arbitraryscripts with elevated privileges.
Affected Products
Mozilla Firefox version 1.5.0.4 and prior
Mozilla Thunderbird version 1.5.0.4 and prior
Mozilla SeaMonkey version 1.0.2 and prior
Solution
Upgrade to Firefox 1.5.0.5, SeaMonkey 1.0.3, and Thunderbird 1.5.0.5 :
http://www.mozilla.org/products/
