• Mozilla 0.x
• Mozilla 1.0
• Mozilla 1.1
• Mozilla 1.2
• Mozilla 1.3
• Mozilla 1.4
• Mozilla 1.5
• Mozilla 1.6
• Mozilla 1.7.x
• Mozilla Firefox 0.x
• Mozilla Thunderbird 0.x

Several vulnerabilities have been discovered which affect different browsers of Mozilla Project.

Impact

Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Remote System Access.

Several vulnerabilities have been discovered in Mozilla, Mozilla Firefox, and Thunderbird. These vulnerabilities may allow malicious users to perform cross-site scripting attacks, access and modification of sensitive information and also compromise of the user's system.

These vulnerabilities result due to various boundary errors in "nsMsgCompUtils.cpp", "writeGroup " function in "nsVCardObj.cpp", "nsPop3Protocol.cpp". Successful exploitation of these vulnerabilities can potentially lead to execution of arbitrary code.

Some of the other vulnerabilities that have been discovered include the following:

1. Insufficient restrictions on script generated events on text fields can be exploited to read and write content from and to the clipboard.
2. A problem with overly long links containing a non-ASCII characters can be exploited via a malicious website or e-mail to cause a buffer overflow, which potentially can lead to execution of arbitrary code.
3. An integer overflows when parsing and displaying BMP files which can potentially be exploited to execute arbitrary code by supplying an overly wide malicious BMP image via a malicious website or in an e-mail.
4. Mozilla allows dragging links to another window or frame. This can be exploited by tricking a user on a malicious website to drag a specially crafted javascript link to another window.
5. Signed scripts can request enhanced privileges, which requires that a user accepts a security dialog. The problem is that a malicious website can pass a specially crafted parameter making it possible to manipulate information displayed in the security dialog.
   Successful exploitation allows a website to trick users into accepting security dialogs, which will grant access to run arbitrary programs.
6. Some files installed with the Linux installer are group and world writable. This can be exploited by malicious, local users to replace files, which can lead to execution of arbitrary code
7. Many files and directories in the Linux install ".tar.gz" archives have wrong owner and permissions. This can be exploited by malicious, local users to replace files if the umask is set to be ignored when unpacking.

Upgrade to latest versions. The vulnerability has been fixed in the following versions:

• Mozilla 1.7.3
• Firefox 1.0PR
• Thunderbird 0.8