Debian Linux Security Advisory 2699-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. These issues include multiple memory safety errors, missing input sanitizing vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors which may lead to the execution of arbitrary code, privilege escalation, information leaks or cross site scripting.
0c8d95ee21c71cdad274d263f5504e4aa7ef4314c41cc7e9044a6c7ce9603f81
Mandriva Linux Security Advisory 2013-165 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting attacks. Various other issues have also been addressed.
6813ee081c57ba799f2853ae698c47af47848d549fc213a9c911e753605181ee
Ubuntu Security Notice 1823-1 - Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.
6bd1e9ff8b497160ca832c72224f6dece7c64aca1cfaba89925ec17810fc1f8a
Red Hat Security Advisory 2013-0820-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting attacks.
f0c1245adc420fe9949c729df1f1edad8e3e57cb43d7ebf94cf6c5176f6162b7
Red Hat Security Advisory 2013-0821-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting attacks.
151d0654166b000317cd71fbfe25f8fc2e6199bb127056c2735148eaf59c71e0
Ubuntu Security Notice 1822-1 - Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. Various other issues were also addressed.
ac25ce948a4dcc634750fd0f1b4fedb6a05de4dbbdb5cdf815be15b301fcf801