Mozilla, Firefox, and Thunderbird applications are reported prone to multiple vulnerabilities. The following specific issues are reported:

- Access-control bypass (Mozilla and Firefox browsers). Although unconfirmed, this vulnerability presumably may be exploited to access information pertaining to a target filesystem. For example, an attacker may be able to determine whether a file exists or not. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.
- Status-bar misrepresentation (Mozilla and Firefox browsers). A remote attacker may exploit this vulnerability to aid in phishing-style attacks (e.g. to make a malicious site appear authentic). This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.
- Additional status-bar misrepresentation (Mozilla and Firefox browsers). Using JavaScript to automate the process, a remote attacker may exploit this vulnerability to aid in phishing-style attacks (e.g. to make a malicious site appear authentic). This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.
- Mozilla and Firefox browsers provide functionality (Alt-Click) to download files that are linked by URIs to the default download location without requiring a user prompt. Reports indicate that a malicious site may exploit this functionality to download a file to the default download location without user interaction. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0.
- Clipboard information-disclosure vulnerability (Mozilla and Firefox browsers). A remote attacker may exploit this vulnerability to steal clipboard contents, which may reveal potentially sensitive information to a remote attacker. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.
- Additional information-disclosure vulnerability (Mozilla and Firefox browsers). A remote malicious server may invoke a request against a vulnerable browser and the browser will respond with proxy-authentication credentials. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0 and Mozilla Suite versions prior to 1.7.5.
- Mozilla Thunderbird erroneously responds to cookie requests that are contained in HTML-based email. Reportedly, a remote attacker may exploit this vulnerability to track emails to victim users. This vulnerability is reported to affect Thunderbird versions 0.6 to 0.9 and Mozilla Suite 1.7 to 1.7.3.
- Local code-execution vulnerability (Mozilla Firefox). The vulnerability exists in the Livefeed bookmark functionality. If, for example, 'about:config' is displayed when the Livefeed is updated, then arbitrary code execution may reportedly occur on the affected computer. This vulnerability is reported to affect Mozilla Firefox versions prior to 1.0.
- Mozilla Thunderbird reportedly fails to handle 'javascript:' URI links. The affected application employs the default handler for 'javascript:' URIs that is registered on the host operating system. This is incorrect behavior and may result in exposure to latent vulnerabilities due to a false sense of security. This vulnerability is reported to affect Mozilla Thunderbird versions prior to 0.9.

This BID will be separated into individual BIDs as soon as further research into each of the vulnerabilities is completed.