securityvulns: SECURITYVULNS:DOC:23546
Apr 06, 2010 - 12:00 a.m.

Mozilla Foundation Security Advisory 2010-07


Title: Fixes for potentially exploitable crashes ported to the legacy branch
Impact: Critical
Announced: March 16, 2010
Reporter: Mozilla developers and community
Products: Thunderbird, SeaMonkey

Fixed in: Thunderbird 2.0.0.24, SeaMonkey 1.1.19

Description

Mozilla developers took fixes for memory safety bugs that had already been fixed in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so that Thunderbird 2 and SeaMonkey 1.1 can use them.

References

Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication.

* SSPI auth crash
* CVE-2010-0161

Ludovic Hirlimann reported a crash indexing some messages with attachments.

* Mime attachment crash
* CVE-2010-0163

Carsten Book reported a crash in the JavaScript engine.

* https://bugzilla.mozilla.org/show_bug.cgi?id=505305
* CVE-2009-3075

Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms.

* https://bugzilla.mozilla.org/show_bug.cgi?id=508074
* CVE-2009-3072

monarch2000 reported an integer overflow in a base64 decoding function.

* https://bugzilla.mozilla.org/show_bug.cgi?id=492779
* CVE-2009-2463