The following eight vulnerabilities exist in Mozilla Foundation's Mozilla Suite, SeaMonkey Suite, Thunderbird email client, and/or Firefox browser. The first vulnerability is rated critical, the next four are rated moderate, and the final three are rated low in terms of severity. The vulnerabilities are as follows:

  • XML could be injected into the browser's localstore.rdf file, which would then be read by the browser at startup. The vulnerability could allow intruders to inject JavaScript code into a user's system.
  • The browser contains integer overflow errors that could allow intruders to execute arbitrary code on an affected system.
  • The QueryInterface method contains a flaw that causes memory corruption, which could allow intruders to execute arbitrary code on an affected system.
  • Dynamic changes to certain style elements could cause the browser to attempt operations on freed memory space, which could allow intruders to execute arbitrary code on an affected system.
  • Specially crafted JavaScript objects could trigger "garbage collection," which could cause the browser to attempt operations on freed memory space. The condition could allow intruders to execute arbitrary code on an affected system.
  • Web pages with extremely long titles cause the browser to take a long time to start up, or to crash when the computer has insufficient memory available.
  • The E4X AnyName object that's used by the JavaScript engine is unintentionally exposed to Web content, which could allow scripts to perform unauthorized actions.
  • The XML parser might read beyond the end of a buffer, which could cause the browser to crash.

Mozilla Foundation released updates to the Firefox, Thunderbird, and Mozilla Suite (code-named SeaMonkey) products to correct these problems.