You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-07

Mozilla Foundation Security Advisory 2010-07

Title: Fixes for potentially exploitable crashes ported to the legacy branch
Impact: Critical
Announced: March 16, 2010
Reporter: Mozilla developers and community
Products: Thunderbird, SeaMonkey

Fixed in: Thunderbird 2.0.0.24
SeaMonkey 1.1.19

Description

Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey 1.1.

References

Paul Fisher reported a crash when joined to an Active Directory server under Vista or Windows 7 and using SSPI authentication.

Ludovic Hirlimann reported a crash indexing some messages with attachments

Carsten Book reported a crash in the JavaScript engine

Josh Soref reported a crash in the BinHex decoder used on non-Mac platforms.

monarch2000 reported an integer overflow in a base64 decoding function