Mozilla Firefox before 3.0.9 is affected by multiple vulnerabilities:
Crashes with evidence of memory corruption (MFSA 2009-14).
The browser engine in Mozilla Firefox before 3.0.9 could allow remote attackers to
cause a denial of service and possibly trigger memory corruption.
URL spoofing with box drawing character (MFSA 2009-15).
Unicode box drawing characters were allowed in Internationalized Domain Names (IDN)
where they could be visually confused with punctuation used in valid web addresses.
This could be combined with a phishing-type scam to trick a victim into thinking they
were on a different website than they actually were.
jar: scheme ignores the content-disposition: header on the inner URI (MFSA 2009-16).
The jar: URI implementation does not follow the Content-Disposition header of the
inner URI. This could allow remote attackers to conduct cross-site scripting (XSS)
attacks and possibly other attacks via an uploaded .jar file with a
"Content-Disposition: attachment" designation.
Same-origin violations when Adobe Flash loaded via view-source: scheme (MFSA 2009-17).
The view-source: URI implementation in Mozilla Firefox does not properly implement the
Same Origin Policy. This could allow remote attackers to bypass crossdomain.xml
restrictions and connect to arbitrary web sites via a Flash file; read, create, or
modify Local Shared Objects via a Flash file; or bypass unspecified restrictions and
render content via vectors involving a jar: URI.
XSS hazard using third-party stylesheets and XBL bindings (MFSA 2009-18).
Sites which allow users to embed third-party stylesheets are vulnerable to script
injection attacks using XBL bindings.
Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString (MFSA 2009-19).
Mozilla Firefox before 3.0.9 does not properly implement the Same Origin Policy for
XMLHttpRequest and XPCNativeWrapper.toString. This could allow remote attackers to
conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted
Malicious search plugins can inject code into arbitrary sites (MFSA 2009-20).
A cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in
Mozilla Firefox could allow user-assisted remote attackers to inject arbitrary web
POST data sent to wrong site when saving web page with embedded frame (MFSA 2009-21).
When saving the inner frame of a web page as a file when the outer page has POST data
associated with it, the POST data will be incorrectly sent to the URL of the inner
frame. This could allow remote attackers to obtain sensitive information via a web
page with an embedded frame.
HTTP responses. This could allow remote attackers to conduct cross-site scripting (XSS)
attacks via vectors related to injecting a Refresh header or specifying the content
of a Refresh header.