The Mozilla Foundation released new versions of Firefox, Thunderbird and SeaMonkey products.
New versions fix numerous security vulnerabilities, of which some are rated critical. Here's a short overview of the vulnerabilities that have been fixed:
MFSA 2006-44 (http://www.mozilla.org/security/announce/2006/mfsa2006-44.html): Code execution through deleted frame reference.
Another remote execution vulnerability, affects Firefox 1.5 and SeaMonkey.
MFSA 2006-46 (http://www.mozilla.org/security/announce/2006/mfsa2006-46.html): Memory corruption with simultaneous events.
Remote execution vulnerability, affects Firefox and SeaMonkey.
MFSA 2006-47 (http://www.mozilla.org/security/announce/2006/mfsa2006-47.html): Native DOM methods can be hijacked across domains.
Information leaking vulnerability, can be combined with XSS, although limited. Affects Firefox and SeaMonkey.
Remote execution vulnerability, affects Firefox, Thunderbird and SeaMonkey.
MFSA 2006-49 (http://www.mozilla.org/security/announce/2006/mfsa2006-49.html): Heap buffer overwrite on malformed vCard, affects Thunderbird and SeaMonkey.
Multiple vulnerabilities which can lead to remote execution, affect Firefox, Thunderbird and SeaMonkey.
MFSA 2006-51 (http://www.mozilla.org/security/announce/2006/mfsa2006-51.html): Privilege escalation using named-functions and redefined "new Object()".
Remote execution vulnerability, affects Firefox, Thunderbird, SeaMonkey.
MFSA 2006-52 (http://www.mozilla.org/security/announce/2006/mfsa2006-52.html): PAC privilege escalation using Function.prototype.call
Remote script execution vulnerability through a "poisoned" PAC file. Affects Firefox and SeaMonkey.
MFSA 2006-53 (http://www.mozilla.org/security/announce/2006/mfsa2006-53.html): UniversalBrowserRead privilege escalation.
Remote script execution vulnerability, affects Firefox, Thunderbird and SeaMonkey.
MFSA 2006-54 (http://www.mozilla.org/security/announce/2006/mfsa2006-54.html): XSS with XPCNativeWrapper(window).Function(?).
XSS vulnerability using the XPCNativeWrapper construct. Affects Firefox, Thunderbird and SeaMonkey.
MFSA 2006-55 (http://www.mozilla.org/security/announce/2006/mfsa2006-55.html): Crashes with evidence of memory corruption (rv:18.104.22.168).
Probably just a DoS attack, but there is a possibility that it could be turned into a remote execution vulnerability. Affects Firefox, Thunderbird and SeaMonkey.
MFSA 2006-56 (http://www.mozilla.org/security/announce/2006/mfsa2006-56.html): chrome: scheme loading remote content
Remote script execution vulnerability that affects Firefox and SeaMonkey.
I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Munich July 2019
Jul 26th 2006
1 decade ago