update for MozillaFirefox, MozillaThunderbird, seamonkey, xulrunner, mozilla-xulrunner192
Mozilla Firefox and Thunderbird version 9 and seamonkey version 2.6 updates fix several security issues:
* MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards
* MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library
* MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access
* MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation
* MFSA 2011-58/CVE-2011-3665: Crash scaling video elements to extreme sizes
-
Submitted by
Wolfgang Rosenauer (wrosenauer)
Fixed bugs
bnc#737533
VUL-0: MozillaFirefox 9 / 3.6.25 and other mozilla apps
bnc#732898
Firefox is not accessible
bnc#733002
Thunderbird/Enigmail is endless accessing PGP Keyserver
CVE-CVE-2011-3663
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
CVE-CVE-2011-3660
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
CVE-CVE-2011-3661
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CVE-CVE-2011-3666
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exi
CVE-CVE-2011-3658
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have uns
