• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities

Severity: HIGH

Description:

The Mozilla Foundation has released multiple advisories to address vulnerabilities in Firefox, Thunderbird and SeaMonkey.

This BID is being retired; the following individual records now document these issues:

38919 Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability
38920 Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability
38921 Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability
38922 Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability
38927 Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability
38939 Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability
38943 Mozilla Firefox 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption Vulnerability
38944 Mozilla Firefox/Thunderbird/Seamonkey CVE-2010-0167 Multiple Memory Corruption Vulnerabilities
38946 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Cross Domain Scripting Vulnerabilities

Affected Products:

• Mozilla Firefox 3.0
• Mozilla Firefox 3.0.1
• Mozilla Firefox 3.0.10
• Mozilla Firefox 3.0.11
• Mozilla Firefox 3.0.12
• Mozilla Firefox 3.0.13
• Mozilla Firefox 3.0.14
• Mozilla Firefox 3.0.15
• Mozilla Firefox 3.0.16
• Mozilla Firefox 3.0.17
• Mozilla Firefox 3.0.2
• Mozilla Firefox 3.0.3
• Mozilla Firefox 3.0.4
• Mozilla Firefox 3.0.5
• Mozilla Firefox 3.0.6
• Mozilla Firefox 3.0.7
• Mozilla Firefox 3.0.7 Beta
• Mozilla Firefox 3.0.8
• Mozilla Firefox 3.0.9
• Mozilla Firefox 3.5.0
• Mozilla Firefox 3.5.1
• Mozilla Firefox 3.5.2
• Mozilla Firefox 3.5.3
• Mozilla Firefox 3.5.4
• Mozilla Firefox 3.5.5
• Mozilla Firefox 3.5.6
• Mozilla Firefox 3.5.7
• Mozilla Firefox 3.6
• Mozilla SeaMonkey 2.0
• Mozilla SeaMonkey 2.0.1
• Mozilla SeaMonkey 2.0.2
• Mozilla Thunderbird 3.0
• Mozilla Thunderbird 3.0.1

References:

• CVE: CVE-2010-0167
• Mozilla Foundation: Fixed in Firefox 3.6.2
• Mozilla Foundation: MFSA 2010-09 - Deleted frame reuse in multipart/x-mixed-replace image
• Mozilla Foundation: MFSA 2010-10 - XSS via plugins and unprotected Location object
• Mozilla Foundation: MFSA 2010-11 - Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/
• Mozilla Foundation: MFSA 2010-12 - XSS using addEventListener and setTimeout on a wrapped object
• Mozilla Foundation: MFSA 2010-13 - Content policy bypass with image preloading
• Mozilla Foundation: MFSA 2010-14 - Browser chrome defacement via cached XUL stylesheets
• Mozilla Foundation: MFSA 2010-15 - Asynchronous Auth Prompt attaches to wrong window

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.