This update brings the Mozilla Firefox browser to version 3.0.4.

It fixes following security issues :

CVE-2008-0017 / MFSA 2008-54 :

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.

CVE-2008-5012 / MFSA 2008-48: Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.

CVE-2008-5013 / MFSA 2008-49 :

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that 'dynamically unloads itself from an outside JavaScript function,' which triggers an access of an expired memory address.

CVE-2008-5014 / MFSA 2008-50

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

CVE-2008-5015 / MFSA 2008-51 :

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file:
URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

CVE-2008-5016 / MFSA 2008-52 :

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.

CVE-2008-5017 / MFSA 2008-52: Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

CVE-2008-5018 / MFSA 2008-52: The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to 'insufficient class checking' in the Date class. CVE-2008-5019 / MFSA 2008-53: The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.
CVE-2008-5021 / MFSA 2008-55: nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

CVE-2008-5022 / MFSA 2008-56: The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

CVE-2008-5023 / MFSA 2008-57: Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

CVE-2008-5024 / MFSA 2008-58: Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.

CVE-2008-5052 / MFSA 2008-52: The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.

The installed version of Firefox is earlier than 2.0.0.18.  Such versions are potentially affected by the following security issues :

  - Locally saved '.url' shortcut files can be used to read     information stored in the local cache. (MFSA 2008-47)

  - The canvas element can be used in conjunction with an     HTTP redirect to bypass same-origin restrictions and     gain access to the content in arbitrary images from     other domains. (MFSA 2008-48)

  - Arbitrary code execution is possible via Flash Player     dynamic module unloading. (MFSA 2008-49)

  - By tampering with the window.__proto__.__proto__ object,     one can cause the browser to place a lock on a non-     native object, leading to a crash and possible code     execution. (MFSA 2008-50)

  - There are several stability bugs in the browser engine     that may lead to crashes with evidence of memory     corruption. (MFSA 2008-52)

  - The browser's session restore feature can be used to     violate the same-origin policy and run JavaScript in     the context of another site. (MFSA 2008-53)

  - There is a buffer overflow that can be triggered by     sending a specially crafted 200 header line in the HTTP     index response. (MFSA 2008-54)

  - Crashes and remote code execution in nsFrameManager are     possible by modifying certain properties of a file     input element before it has finished initializing.
    (MFSA 2008-55)

  - The same-origin check in     'nsXMLHttpRequest::NotifyEventListeners()' can be     bypassed. (MFSA 2008-56)

  - The '-moz-binding' CSS property can be used to bypass     security checks which validate codebase principals.
    (MFSA 2008-57)

  - There is an error in the method used to parse the     default namespace in an E4X document caused by quote     characters in the namespace not being properly escaped.
    (MFSA 2008-58)

The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox,       Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page or email, possibly resulting in execution of arbitrary code or a       Denial of Service condition. Furthermore, a remote attacker may be able       to perform Man-in-the-Middle attacks, obtain sensitive information,       bypass restrictions and protection mechanisms, force file downloads,       conduct XML injection attacks, conduct XSS attacks, bypass the Same       Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical       scroll, spoof the location bar, spoof an SSL indicator, modify the       browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified       impact.
    A local attacker could gain escalated privileges, obtain sensitive       information, or replace an arbitrary downloaded file.
  Workaround :

    There is no known workaround at this time.

The installed version of SeaMonkey is earlier than 1.1.13.  Such versions are potentially affected by the following security issues : 

  - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47)
  - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 2008-50)
  - 'file: ' URIs are given chrome privileges when opened in the same tab as a chrome page or privileged 'about: ' page, which could allow an attacker to run arbitrary JavaScript with chrome privileges. (MFSA 2008-51)
  - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52)
  - The browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. (MFSA 2008-53)
  - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54)
  - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55)
  - The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)
  - The '-moz-binding' CSS property can be used to bypass security checks that validate codebase principals. (MFSA 2008-57)
  - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)

Versions of Mozilla Thunderbird prior to 2.0.0.18 are affected by the following vulnerabilities :

 - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. (MFSA 2008-48)
 - By tampering with the 'window.__proto__' object, one can cause the browser to place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 2008-50)
 - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52)
 - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55)
 - The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)
 - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)
 - Scripts in a malicious mail message can access the .document URI and .textContext DOM properties. (MFSA 2008-59)

The installed version of Firefox is earlier than 2.0.0.18.  Such versions are potentially affected by the following security issues : 

 - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47)
  - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. (MFSA 2008-48)
  - Arbitrary code execution is possible via Flash Player dynamic module unloading. (MFSA 2008-49)
  - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 2008-50)
  - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52)
  - The browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. (MFSA 2008-53)
  - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54)
  - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55)
  - The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)
  - The '-moz-binding' CSS property can be used to bypass security checks that validate codebase principals. (MFSA 2008-57)
  - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)

The installed version of Firefox 3.0 is earlier than 3.0.4.  Such versions are potentially affected by the following security issues : 

 - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47)
  - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 2008-50)
  - 'file: ' URIs are given chrome privileges when opened in the same tab as a chrome page or privileged 'about: ' page, which could allow an attacker to run arbitrary JavaScript with chrome privileges. (MFSA 2008-51)
  - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52)
  - The browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. (MFSA 2008-53)
  - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54)
  - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55)
  - The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)
  - The '-moz-binding' CSS property can be used to bypass security checks that validate codebase principals. (MFSA 2008-57)
  - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)

The installed version of Thunderbird is earlier than 2.0.0.18.  Such versions are potentially affected by the following security issues : 


  - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. (MFSA 2008-48)
  - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 2008-50)
  - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52)
  - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55)
  - The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)
  - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)
  - Scripts in a malicious mail message can access the .document URI and .textContext DOM properties. (MFSA 2008-59)

The installed version of Firefox is earlier than 2.0.0.18.  Such versions are potentially affected by the following security issues : 

  - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47)
  - The canvas element can be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. (MFSA 2008-48)
  - Arbitrary code execution is possible via Flash Player dynamic module unloading. (MFSA 2008-49)
  - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 2008-50)
  - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52)
  - The browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. (MFSA 2008-53)
  - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54)
  - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55)
  - The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)
  - The '-moz-binding' CSS property can be used to bypass security checks that validate codebase principals. (MFSA 2008-57)
  - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)

The installed version of Firefox 3.0 is earlier than 3.0.4.  Such versions are potentially affected by the following security issues : 

  - Locally saved '.url' shortcut files can be used to read information stored in the local cache. (MFSA 2008-47)
  - By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non-native object, leading to a crash and possible code execution. (MFSA 2008-50)
  - 'file: ' URIs are given chrome privileges when opened in the same tab as a chrome page or privileged 'about: ' page, which could allow an attacker to run arbitrary JavaScript with chrome privileges. (MFSA 2008-51)
  - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-52)
  - The browser's session restore feature can be used to violate the same-origin policy and run JavaScript in the context of another site. (MFSA 2008-53)
  - There is a buffer overflow that can be triggered by sending a specially crafted 200 header line in the HTTP index response. (MFSA 2008-54)
  - Crashes and remote code execution in nsFrameManager are possible by modifying certain properties of a file input element before it has finished initializing. (MFSA 2008-55)
  - The same-origin check in 'nsXMLHttpRequest: : NotifyEventListeners()' can be bypassed. (MFSA 2008-56)
  - The '-moz-binding' CSS property can be used to bypass security checks that validate codebase principals. (MFSA 2008-57)
  - There is an error in the method used to parse the default namespace in an E4X document caused by quote characters in the namespace not being properly escaped. (MFSA 2008-58)

ID	Name	Product	Family	Published	Updated	Severity
39884	openSUSE Security Update : MozillaFirefox (MozillaFirefox-334)	Nessus	SuSE Local Security Checks	7/21/2009	1/14/2021	critical
34766	Firefox < 2.0.0.18 Multiple Vulnerabilities	Nessus	Windows	11/13/2008	7/16/2018	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	1/8/2013	12/5/2022	critical
4753	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	11/13/2008	3/6/2019	medium
4762	Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	11/20/2008	3/6/2019	medium
4751	Mozilla Firefox < 2.0.0.18 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	11/13/2008	3/6/2019	medium
4752	Mozilla Firefox 3.x < 3.0.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	11/13/2008	3/6/2019	medium
801316	Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients			high
800876	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients			high
800741	Firefox < 2.0.0.18 Multiple Vulnerabilities	Log Correlation Engine	Web Clients			high
800751	Firefox 3.x < 3.0.4 Multiple Vulnerabilities	Log Correlation Engine	Web Clients			high

Detections

Analytics

Plugins Search

critical

high

critical

medium

medium

medium

medium

high

high

high

high