You are here: Security Center > Known Vulnerabilities in Mozilla Products > Security Advisories for Firefox 3.6

Security Advisories for Firefox 3.6

Impact key:

• Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
• High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
• Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
• Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

Fixed in Firefox 3.6.4

MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)

Fixed in Firefox 3.6.3

'MFSA 2010-25 Re-use of freed object due to scope confusion

Fixed in Firefox 3.6.2

MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy
MFSA 2010-23 Image src redirect to mailto: URL opens email editor
MFSA 2010-22 Update NSS to support TLS renegotiation indication
MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop
MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray
MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)
MFSA 2010-15 Asynchronous Auth Prompt attaches to wrong window
MFSA 2010-14 Browser chrome defacement via cached XUL stylesheets
MFSA 2010-13 Content policy bypass with image preloading
MFSA 2010-12 XSS using addEventListener and setTimeout on a wrapped object
MFSA 2010-11 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ 1.9.0.18)
MFSA 2010-10 XSS via plugins and unprotected Location object
MFSA 2010-09 Deleted frame reuse in multipart/x-mixed-replace image
MFSA 2010-08 WOFF heap corruption due to integer overflow

There was no Firefox 3.6.1 release.

Fixed in Firefox 3.6

MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
MFSA 2010-03 Use-after-free crash in HTML parser
MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability
MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)