firefox & mozilla -- multiple vulnerabilities

Description:

The Mozilla Foundation reports of multiple security vulnerabilities in Firefox and Mozilla:

• MFSA 2005-56 Code execution through shared function objects
• MFSA 2005-55 XHTML node spoofing
• MFSA 2005-54 Javascript prompt origin spoofing
• MFSA 2005-53 Standalone applications can run arbitrary code through the browser
• MFSA 2005-52 Same origin violation: frame calling top.focus()
• MFSA 2005-51 The return of frame-injection spoofing
• MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
• MFSA 2005-49 Script injection from Firefox sidebar panel using data:
• MFSA 2005-48 Same-origin violation with InstallTrigger callback
• MFSA 2005-47 Code execution via "Set as Wallpaper"
• MFSA 2005-46 XBL scripts ran even when Javascript disabled
• MFSA 2005-45 Content-generated event vulnerabilities

References:

• CVE name CVE-2005-1937
• CVE name CVE-2005-2260
• CVE name CVE-2005-2261
• CVE name CVE-2005-2262
• CVE name CVE-2005-2263
• CVE name CVE-2005-2264
• CVE name CVE-2005-2265
• CVE name CVE-2005-2266
• CVE name CVE-2005-2267
• CVE name CVE-2005-2268
• CVE name CVE-2005-2269
• CVE name CVE-2005-2270
• URL: <http://www.mozilla.org/projects/security/known-vulnerabilities.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-45.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-46.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-47.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-48.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-49.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-50.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-51.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-52.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-53.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-54.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-55.html>
• URL: <http://www.mozilla.org/security/announce/mfsa2005-56.html>

Affects:

• firefox <1.0.5,1
• linux-firefox <1.0.5
• mozilla <1.7.9,2
• mozilla >=1.8.*,2
• linux-mozilla <1.7.9
• linux-mozilla >=1.8.*
• linux-mozilla-devel <1.7.9
• linux-mozilla-devel >=1.8.*
• netscape7 >=0
• de-linux-mozillafirebird >=0
• el-linux-mozillafirebird >=0
• ja-linux-mozillafirebird-gtk1 >=0
• ja-mozillafirebird-gtk2 >=0
• linux-mozillafirebird >=0
• ru-linux-mozillafirebird >=0
• zhCN-linux-mozillafirebird >=0
• zhTW-linux-mozillafirebird >=0
• de-linux-netscape >=0
• de-netscape7 >=0
• fr-linux-netscape >=0
• fr-netscape7 >=0
• ja-linux-netscape >=0
• ja-netscape7 >=0
• linux-netscape >=0
• linux-phoenix >=0
• mozilla+ipv6 >=0
• mozilla-embedded >=0
• mozilla-firebird >=0
• mozilla-gtk1 >=0
• mozilla-gtk2 >=0
• mozilla-gtk >=0
• mozilla-thunderbird >=0
• phoenix >=0
• pt_BR-netscape7 >=0

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.