Mozilla Foundation Security Advisory 2010-07

Fixes for potentially exploitable crashes ported to the legacy branch

Announced
March 16, 2010
Reporter
Mozilla developers and community
Impact
Critical
Products
SeaMonkey, Thunderbird
Fixed in
  • SeaMonkey 1.1.19
  • Thunderbird 2.0.0.24

Description

Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1.

References

Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication.

Ludovic Hirlimann reported a crash indexing some messages with attachments

Carsten Book reported a crash in the JavaScript engine

Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms.

monarch2000 reported an integer overflow in a base64 decoding function