MFSA 2008-55: Critical立即下载
A crash and remote code execution is possible in nsFrameManager. This vulnerability can be exploited by modifying certain properties of a file input element before it has finished initializing. Details can be found in CVE-2008-5021
MFSA 2008-54: Critical
There's a buffer overflow in http-index-format parser as a result of the way Mozilla parses the http-index-format MIME type. Mozilla says by sending a specially crafted 200 header line in the HTTP index response, an attacker can cause the browser to crash and run arbitrary code on the victim's computer. Details can be found in CVE-2008-0017.
MFSA 2008-53: Critical
MFSA 2008-52: Critical
Mozilla developers identified and fixed several stability bugs which may cause crashes in the browser engine used in Firefox and other Mozilla-based products. Details can be found in CVE-2008-5016 and CVE-2008-5017
MFSA 2008-50: Critical
Mozilla says by tampering with the window.__proto__.__proto__ object, a remote attacker can cause the browser to place a lock on a non-native object, leading to a crash and possible execution of arbitrary code. Details can be found in CVE-2008-5014
MFSA 2008-49: Critical
MFSA 2008-48: High
Mozilla says the canvas element in Firefox could be used in conjunction with an HTTP redirect to bypass same-origin restrictions and gain access to the content in arbitrary images from other domains. This vulnerability could be used by an attacker to steal private information from a victim who is logged into a website that stores the data in images. Details can be found in CVE-2008-5012
MFSA 2008-57: High
Mozilla says the -moz-binding CSS property can be used to bypass security checks which validate codebase principals. Details can be found in CVE-2008-5023.
MFSA 2008-56: High
MFSA 2008-51: Moderate
MFSA 2008-47: Moderate
Mozilla says locally saved .url shortcut files could be used to read information stored in the local cache. Details can be found in CVE-2008-4582.
MFSA 2008-58: Low
There's a parsing error in E4X default namespace. The error was caused by quote characters in the namespace not being properly escaped. Details can be found in CVE-2008-5024.