Mozilla Foundation Security Advisory 2010-07

Fixes for potentially exploitable crashes ported to the legacy branch

Announced

March 16, 2010

Reporter

Mozilla developers and community

Impact

Critical

Products

SeaMonkey, Thunderbird

Fixed in

SeaMonkey 1.1.19
Thunderbird 2.0.0.24

Description

Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1.

References

Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication.

SSPI auth crash
CVE-2010-0161

Ludovic Hirlimann reported a crash indexing some messages with attachments

Mime attachment crash
CVE-2010-0163

Carsten Book reported a crash in the JavaScript engine

https://bugzilla.mozilla.org/show_bug.cgi?id=505305
CVE-2009-3075

Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms.

https://bugzilla.mozilla.org/show_bug.cgi?id=508074
CVE-2009-3072

monarch2000 reported an integer overflow in a base64 decoding function

https://bugzilla.mozilla.org/show_bug.cgi?id=492779
CVE-2009-2463

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2010-07

Fixes for potentially exploitable crashes ported to the legacy branch

Description

References