Multiple Mozilla Security Vulnerabilities

Details have been released about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user’s system.

1) Various boundary errors in “nsMsgCompUtils.cpp” can be exploited to cause heap-based buffer overflows when a specially crafted e-mail is forwarded.

Successful exploitation can potentially lead to execution of arbitrary code.

2) Insufficient restrictions on script-generated events on text fields can be exploited to read and write content from and to the clipboard.

3) Boundary errors in the “writeGroup()” function in “nsVCardObj.cpp” can be exploited to cause stack-based buffer overflows by sending an e-mail containing a specially crafted vCard.

Successful exploitation may allow execution of arbitrary code but requires that the malicious e-mail is opened in preview.

4) Some boundary errors in “nsPop3Protocol.cpp”, which handles POP3 mail communication, can be exploited by a malicious POP3 mail server to cause buffer overflows when it sends specially crafted responses.

Successful exploitation may potentially allow execution of arbitrary code.

5) A problem with overly long links containing non-ASCII characters can be exploited via a malicious website or e-mail to cause a buffer overflow, which can potentially lead to execution of arbitrary code.
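
For item 4, the client-side defence is to treat every POP3 response as untrusted and bound it before copying. The C function below is an added example, not Mozilla's code and not a reconstruction of the flaw in “nsPop3Protocol.cpp”; the names pop3_parse_reply and struct pop3_reply and the 128-byte text buffer are assumptions, while the 512-byte line limit is the one RFC 1939 gives for responses.

```c
#include <stddef.h>
#include <string.h>

#define POP3_MAX_LINE 512  /* RFC 1939 response limit, CRLF included */
#define POP3_TEXT_MAX 128  /* assumed size of the client's text buffer */

enum pop3_status { POP3_OK, POP3_ERR, POP3_MALFORMED };
struct pop3_reply { enum pop3_status status; char text[POP3_TEXT_MAX]; };

/* Parse one response line of `len` bytes from an untrusted server.
 * `line` need not be NUL-terminated. Returns 0 on success, -1 if rejected. */
int pop3_parse_reply(const char *line, size_t len, struct pop3_reply *out)
{
    enum pop3_status st;
    size_t skip, n;
    out->status = POP3_MALFORMED;
    out->text[0] = '\0';
    /* Check the claimed length and terminator before copying anything. */
    if (len < 2 || len > POP3_MAX_LINE || memcmp(line + len - 2, "\r\n", 2) != 0)
        return -1;
    len -= 2;                          /* drop CRLF */
    if (memchr(line, '\0', len) != NULL)
        return -1;                     /* embedded NUL would hide data from str*() */

    if (len >= 3 && memcmp(line, "+OK", 3) == 0) {
        st = POP3_OK;  skip = 3;
    } else if (len >= 4 && memcmp(line, "-ERR", 4) == 0) {
        st = POP3_ERR; skip = 4;
    } else {
        return -1;
    }
    /* The status indicator must end the line or be followed by a space. */
    if (len > skip && line[skip++] != ' ')
        return -1;
    n = len - skip;
    /* Refuse text that does not fit rather than overflow or truncate. */
    if (n >= sizeof out->text)
        return -1;
    memcpy(out->text, line + skip, n);
    out->text[n] = '\0';
    out->status = st;
    return 0;
}

int main(void)
{
    static const char sample[] = "+OK 2 messages\r\n";  /* constructed input */
    struct pop3_reply r;
    return pop3_parse_reply(sample, sizeof sample - 1, &r); /* 0 = accepted */
}
```

Rejecting an oversized response outright, instead of truncating it, keeps the client from acting on a partially parsed line.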

