Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Firefox@29.0.0
Type mozilla
Namespace
Name Firefox
Version 29.0.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 30.0.0
Latest_non_vulnerable_version 151.0.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2abx-thsg-bbdn
vulnerability_id VCID-2abx-thsg-bbdn
summary
Security researchers Tyson Smith and Jesse
Schwartzentruber of the BlackBerry Security Automated Analysis Team
used the Address Sanitizer tool while fuzzing to discover a use-after-free
during host resolution in some circumstances. This leads to a potentially
exploitable crash.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532
reference_id CVE-2014-1532
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-46
reference_id mfsa2014-46
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-46
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1532
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2abx-thsg-bbdn
1
url VCID-6xzj-rz52-k3gq
vulnerability_id VCID-6xzj-rz52-k3gq
summary
Security researcher Ash reported an out of bounds read issue
with Web Audio. This issue could allow for web content to trigger crashes that
are potentially exploitable.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1522
reference_id CVE-2014-1522
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1522
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-36
reference_id mfsa2014-36
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-36
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1522
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xzj-rz52-k3gq
2
url VCID-7vbu-djnz-8yge
vulnerability_id VCID-7vbu-djnz-8yge
summary
Security researcher Juho Nurminen reported that on Firefox
for Android, when the addressbar has been scrolled off screen, an attacker can
prevent it from rendering again through the use of script interacting DOM
events. This allows an attacker to present a fake addressbar to the user,
possibly leading to successful phishing attacks.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1527
reference_id CVE-2014-1527
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1527
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-40
reference_id mfsa2014-40
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-40
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1527
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vbu-djnz-8yge
3
url VCID-bzv3-5jce-2fam
vulnerability_id VCID-bzv3-5jce-2fam
summary
Security researcher Nils discovered a use-after-free error
in which the imgLoader object is freed while an image is being
resized. This results in a potentially exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531
reference_id CVE-2014-1531
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-44
reference_id mfsa2014-44
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-44
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1531
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzv3-5jce-2fam
4
url VCID-c4mc-49k8-7kfz
vulnerability_id VCID-c4mc-49k8-7kfz
summary
Mozilla security researcher moz_bug_r_a4 reported a method
to use browser navigations through history to load a website with that page's
baseURI property pointing to that of another site instead of the seemingly
loaded one. The user will continue to see the incorrect site in the addressbar
of the browser. This allows for a cross-site scripting (XSS) attack or the theft
of data through a phishing attack. 
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530
reference_id CVE-2014-1530
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-43
reference_id mfsa2014-43
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-43
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1530
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c4mc-49k8-7kfz
5
url VCID-c8wr-e73p-qyaf
vulnerability_id VCID-c8wr-e73p-qyaf
summary
Mozilla developers and community identified and fixed several
memory safety bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.
In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518
reference_id CVE-2014-1518
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-34
reference_id mfsa2014-34
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-34
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1518
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8wr-e73p-qyaf
6
url VCID-dvah-yevw-quhe
vulnerability_id VCID-dvah-yevw-quhe
summary
Security researcher Christian Heimes reported that the Network Security
Services (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard
certificates. This leads to improper wildcard matching of domains when they
should not be matched in compliance with the specification. This issue was fixed
in NSS version 3.16.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
reference_id CVE-2014-1492
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-45
reference_id mfsa2014-45
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-45
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1492
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvah-yevw-quhe
7
url VCID-j3wh-hsad-dbhr
vulnerability_id VCID-j3wh-hsad-dbhr
summary
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover a buffer
overflow when a script uses a non-XBL object as an XBL object because the XBL
status of the object is not properly validated. The resulting memory corruption
is potentially exploitable.  
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524
reference_id CVE-2014-1524
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-38
reference_id mfsa2014-38
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-38
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1524
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3wh-hsad-dbhr
8
url VCID-jjau-wrpx-t7ea
vulnerability_id VCID-jjau-wrpx-t7ea
summary
Security researcher Ash reported an issue affecting the
Mozilla Maintenance Service on Windows systems. The Mozilla Maintenance Service
installer writes to a temporary directory created during the update process
which is writable by users. If malicious DLL files are placed within this
directory during the update process, these DLL files can run in a privileged
context through the Mozilla Maintenance Service's privileges, allowing for local
privilege escalation. 
This issue does not affect Linux or OS X users and is confined
to Windows.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520
reference_id CVE-2014-1520
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-35
reference_id mfsa2014-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-35
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1520
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jjau-wrpx-t7ea
9
url VCID-kcz7-3gz8-jkhh
vulnerability_id VCID-kcz7-3gz8-jkhh
summary
Using the Address Sanitizer tool, security researcher Abhishek
Arya (Inferno) of the Google Chrome Security Team found a
use-after-free in the Text Track Manager while processing HTML video. This was
caused by inconsistent garbage collection of Text Track Manager variables and
results in a potentially exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1525
reference_id CVE-2014-1525
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1525
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-39
reference_id mfsa2014-39
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-39
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1525
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcz7-3gz8-jkhh
10
url VCID-r82z-rbap-suh2
vulnerability_id VCID-r82z-rbap-suh2
summary
Security researcher Mariusz Mlynski discovered an issue
where sites that have been given notification permissions by a user can bypass
security checks on source components for the Web Notification API. This allows
for script to be run in a privileged context through notifications, leading to
arbitrary code execution on these sites.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529
reference_id CVE-2014-1529
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-42
reference_id mfsa2014-42
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-42
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1529
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r82z-rbap-suh2
11
url VCID-rcjg-u9ug-7kgs
vulnerability_id VCID-rcjg-u9ug-7kgs
summary
Mozilla developer Boris Zbarsky discovered that the debugger
will work with some objects while bypassing XrayWrappers. This could lead to
privilege escalation if the victim used the debugger to interact with a
malicious page.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1526
reference_id CVE-2014-1526
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1526
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-47
reference_id mfsa2014-47
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-47
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1526
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcjg-u9ug-7kgs
12
url VCID-vt96-dyex-ykef
vulnerability_id VCID-vt96-dyex-ykef
summary
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover a fixed offset
out of bounds read issue while decoding specifically formatted JPG format
images. This causes a non-exploitable crash.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523
reference_id CVE-2014-1523
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-37
reference_id mfsa2014-37
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-37
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1523
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vt96-dyex-ykef
13
url VCID-yyb5-8udq-eudb
vulnerability_id VCID-yyb5-8udq-eudb
summary
Security researcher Jukka Jylänki reported a crash in
the Cairo graphics library. This happens when Cairo paints out-of-bounds to
the destination buffer in the compositing function when working with canvas in
certain circumstances. This issue allows malicious web content to cause a
potentially exploitable crash.
This issue only affects Firefox 28 and Seamonkey 2.25 on
Windows. Earlier versions of both products and installations on Linux and OS X
were unaffected.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1528
reference_id CVE-2014-1528
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1528
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-41
reference_id mfsa2014-41
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-41
fixed_packages
0
url pkg:mozilla/Firefox@29.0.0
purl pkg:mozilla/Firefox@29.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0
aliases CVE-2014-1528
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyb5-8udq-eudb
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0