Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
Information about the individual bug reports addressed in this update can be found in Mozilla Foundation Security Advisory 2007-12.
Potential consequences include remote execution of arbitrary code and denial of service.
Users that are unable to update should consider the following workaround:
Vendor| Status| Date Notified| Date Updated
Mozilla| | -| 31 May 2007
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
These vulnerabilities were reported in Mozilla Foundation Security Advisory 2007-12 . Mozilla credits Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant with reporting these issues.
This document was written by Chris Taschner.