Lookup for vulnerable packages by Package URL.
| Purl | pkg:mozilla/SeaMonkey@2.6.0 |
| Type | mozilla |
| Namespace | |
| Name | SeaMonkey |
| Version | 2.6.0 |
| Qualifiers |
|
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 2.7.0 |
| Latest_non_vulnerable_version | 2.38.0 |
| Affected_by_vulnerabilities |
|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-1az2-21v2-5bbg |
| vulnerability_id |
VCID-1az2-21v2-5bbg |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG
implementation could result in an out-of-bounds memory access if
SVG elements were removed during a DOMAttrModified event handler.
This vulnerability does not affect products prior to Firefox 8
and SeaMonkey 2.5. Thunderbird 8 users would be vulnerable only if
using a browser-like feature that allowed scripts to run; users
are not at risk while reading mail. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3658
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1az2-21v2-5bbg |
|
| 1 |
| url |
VCID-1vg7-wd1h-qkec |
| vulnerability_id |
VCID-1vg7-wd1h-qkec |
| summary |
Mozilla developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird
and SeaMonkey products because scripting is disabled, but are potentially a risk
in browser or browser-like contexts in those products. These vulnerabilities did not affect the older browser engine used
prior to Firefox 4. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3660
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1vg7-wd1h-qkec |
|
| 2 |
|
| 3 |
| url |
VCID-edxu-e7yw-kyey |
| vulnerability_id |
VCID-edxu-e7yw-kyey |
| summary |
FireBreath developer Richard Bateman reported a crash
on Mac OS X that occurred when a plugin deletes its containing DOM frame
during a call from that frame. The observed symptom is a null dereference
but we cannot rule out the possibility that content from a scriptable plugin
such as Flash could find a way to dereference a more useful address
and exploit it. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3664
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-edxu-e7yw-kyey |
|
| 4 |
| url |
VCID-h919-wzxu-wqge |
| vulnerability_id |
VCID-h919-wzxu-wqge |
| summary |
Security researcher Aki Helin reported a crash
in the YARR regular expression library that could be triggered by
JavaScript in web content.
The YARR library was not used in older versions of
the Mozilla browser engine. This vulnerability does not affect
Firefox 3.6 or Thunderbird 3.1. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3661
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h919-wzxu-wqge |
|
| 5 |
| url |
VCID-nk9z-erd1-bkc9 |
| vulnerability_id |
VCID-nk9z-erd1-bkc9 |
| summary |
Security researcher regenrecht reported a flaw that affected Firefox versions 4 through 8 via TippingPoint's Zero Day Initiative. This flaw is a use-after-free in nsHTMLSelectElement when the parent node of the element is no longer active and could allow for possible remote code execution.
Firefox 3.6 is not affected by this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3671
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nk9z-erd1-bkc9 |
|
| 6 |
| url |
VCID-wp88-wpws-j7gg |
| vulnerability_id |
VCID-wp88-wpws-j7gg |
| summary |
Security researcher Mario Heiderich reported it was
possible to use SVG animation accessKey events to detect
key strokes even when JavaScript was disabled. Since web pages can normally
detect key events through script and most users have scripting enabled this
does not present a risk for most users. In contexts where the user knows
scripting is disabled (reading mail, for example, or NoScript users) this
could allow a malicious web page to fool a user into interacting with
a prompt thinking it came from the browser or mail program.
Accessing remote content is disabled by default when reading mail in
Thunderbird and SeaMonkey. Successfully capturing keystrokes remotely would
require some social engineering to convince the user to turn it on.
SVG animation is not supported in Thunderbird 3.1 or Firefox 3.6. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3663
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wp88-wpws-j7gg |
|
|
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0 |