Mozilla Firefox, SeaMonkey and Thunderbird,
which could be exploited by attackers to take complete control of an
affected system or bypass security restrictions.
The first issue is due to memory corruption errors in the layout and
JavaScript engines, which could be exploited by attackers to crash a
vulnerable application or execute arbitrary commands.
The second flaw is due to a buffer overflow error when using the CSS
cursor property to set the cursor to certain images on Windows, which
could be exploited by attackers to crash a vulnerable application or
execute arbitrary commands.
The third vulnerability is due to an error when handling the JavaScript
"watch()" function, which could be exploited by attackers to compromise
a vulnerable system.
The fourth issue is due to a memory corruption error in LiveConnect,
which could be exploited by attackers to crash a vulnerable application
or execute arbitrary commands.
The fifth flaw is due to an error when handling the "src" attribute of
an "IMG" element loaded in a frame, which could be exploited to conduct
cross site scripting attacks.
The sixth vulnerability is due to a memory corruption error when
appending an SVG comment DOM node from one document into another type
of document (e.g. HTML), which could be exploited by attackers to
compromise a vulnerable system.
The seventh issue is due to a buffer overflow error when processing
emails with an overly long "Content-Type" or "rfc2047-encoded" header,
which could be exploited by attackers to crash a vulnerable application
or execute arbitrary commands.
The eighth issue is due to an error in the "Feed Preview" feature,
which could be exploited by attackers to disclose certain information.
The ninth vulnerability is due to a Function prototype regression,
which could be exploited to bypass security restrictions and conduct
cross site scripting attacks.
Affected Products
Mozilla Firefox versions prior to 2.0.0.1
Mozilla Firefox versions prior to 1.5.0.9
Mozilla Thunderbird versions prior to 1.5.0.9
Mozilla SeaMonkey versions prior to 1.0.7
Solution
Upgrade to Mozilla Firefox version 2.0.0.1 or 1.5.0.9 :
http://www.mozilla.com/firefox/
Upgrade to Mozilla Thunderbird version 1.5.0.9 :
http://www.mozilla.com/thunderbird/
Upgrade to Mozilla SeaMonkey version 1.0.7 :
http://www.mozilla.org/projects/seamonkey/