Fixes for potentially exploitable crashes ported to the legacy branch

Fixes for potentially exploitable crashes ported to the legacy branch

Announced

March 16, 2010

Reporter

Mozilla developers and community

Impact

Critical

Products

SeaMonkey, Thunderbird

Fixed in

• SeaMonkey 1.1.19
• Thunderbird 2.0.0.24

Description

Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1.

References

Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication.

• SSPI auth crash
• CVE-2010-0161

Ludovic Hirlimann reported a crash indexing some messages with attachments

• Mime attachment crash
• CVE-2010-0163

Carsten Book reported a crash in the JavaScript engine

• https://bugzilla.mozilla.org/show_bug.cgi?id=505305
• CVE-2009-3075

Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms.

• https://bugzilla.mozilla.org/show_bug.cgi?id=508074
• CVE-2009-3072

monarch4000 reported an integer overflow in a base64 decoding function

• https://bugzilla.mozilla.org/show_bug.cgi?id=492779
• CVE-2009-2463