Mozilla Security vulnerabilities
Vulnerabilities are reported in Firefox and Thunderbird versions prior to 16.0.1 and SeaMonkey versions prior to 2.13.1.
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
Secunia Advisory SA50932
Mozilla Security Blog
Mozilla Foundation Security Advisory 2012-88
Mozilla Foundation Security Advisory 2012-89
SecurityTracker Alert ID: 1027653
SecurityTracker Alert ID: 1027652
SecurityTracker Alert ID: 1027651
1) The protected "location" object is accessible by other domain objects, which can be exploited to bypass the same origin policy and gain access to sensitive information.
2) An unspecified error within the "FT2FontEntry::CreateFontEntry()" function can be exploited to corrupt memory.
3) An unspecified error within the "mozilla::net::FailDelayManager::Lookup()" function when handling certain websockets can be exploited to corrupt memory.
4) An error within security wrappers does not unwrap the "defaultValue" properly and can be exploited to gain access to the "location" object.
Some vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
Update Firefox and Thunderbird to versions 16.0.1 and SeaMonkey to version 2.13.1.