Versions of Firefox 3.6.x earlier than 3.6.17 are potentially affected by multiple vulnerabilities :
Multiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)
Multiple dangling pointer vulnerabilities exist. (MFSA2011-13)
A Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history. (MFSA2011-14)
The Java Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox could be exploited to obtain elevated access to resources on a userβs system. (MFSA2011-15)
The 'resource: β protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. (MFSA2011-16)
The XSLT βgenerate-id()β function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)
Binary data 801238.prm
.mozilla.org/security/announce/2011/mfsa2011-12.html
.mozilla.org/security/announce/2011/mfsa2011-13.html
.mozilla.org/security/announce/2011/mfsa2011-14.html
.mozilla.org/security/announce/2011/mfsa2011-15.html
.mozilla.org/security/announce/2011/mfsa2011-16.html
.mozilla.org/security/announce/2011/mfsa2011-18.html
.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202