[FREEBSD:E190CA65-3636-11DC-A697-000C6EC775D9] mozilla -- multiple vulnerabilities

Severity High

Affected Packages 6

CVEs 5

The Mozilla Foundation reports of multiple security issues
in Firefox, Seamonkey, and Thunderbird. Several of these
issues can probably be used to run arbitrary code with the
privilege of the user running the program.

    MFSA 2007-25 XPCNativeWrapper pollution
    MFSA 2007-24 Unauthorized access to wyciwyg:// documents
    MFSA 2007-21 Privilege escalation using an event
      handler attached to an element not in the document
    MFSA 2007-20 Frame spoofing while window is loading
    MFSA 2007-19 XSS using addEventListener and setTimeout
    MFSA 2007-18 Crashes with evidence of memory corruption

Package	Affected Version
pkg:freebsd/seamonkey	< 1.1.3
pkg:freebsd/linux-seamonkey-devel	< 2.0.a2007.12.12
pkg:freebsd/linux-firefox-devel	< 3.0.a2007.12.12
pkg:freebsd/linux-firefox	< 2.0.0.5
pkg:freebsd/firefox-ja
pkg:freebsd/firefox	> 3.*,1, < 2.0.0.5,1

ID

FREEBSD:E190CA65-3636-11DC-A697-000C6EC775D9

Severity

high

Severity from

CVE-2007-3734

URL

http://vuxml.freebsd.org/freebsd/e190ca65-3636-11dc-a697-000c6ec775d9.html

Published

2007-07-17T00:00:00
(17 years ago)

Modified

2007-07-19T00:00:00
(17 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5
FreeBSD VuXML			http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
FreeBSD VuXML			http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
FreeBSD VuXML			http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
FreeBSD VuXML			http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
FreeBSD VuXML			http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
FreeBSD VuXML			http://www.mozilla.org/security/announce/2007/mfsa2007-25.html

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/seamonkey	seamonkey	< 1.1.3
Affected	pkg:freebsd/linux-seamonkey-devel	linux-seamonkey-devel	< 2.0.a2007.12.12
Affected	pkg:freebsd/linux-firefox-devel	linux-firefox-devel	< 3.0.a2007.12.12
Affected	pkg:freebsd/linux-firefox	linux-firefox	< 2.0.0.5
Affected	pkg:freebsd/firefox-ja	firefox-ja
Affected	pkg:freebsd/firefox	firefox	> 3.*,1 < 2.0.0.5,1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date