Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.
A bug was found in the way Mozilla installed its extensions. If a user can be tricked into visiting a malicious webpage, it may be possible to obtain sensitive information such as cookies or passwords. (CAN-2005-2263)
A bug was found in the way Mozilla handled multiple frame domains. It is possible for a frame as part of a malicious website to inject content into a frame that belongs to another domain. This issue was previously fixed as CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)
A bug was found in the way Mozilla handled child frames. It is possible for a malicious framed page to steal sensitive information from its parent page. (CAN-2005-2266)
A bug was found in the way Mozilla cloned base objects. It is possible for Web content to traverse the prototype chain to gain access to privileged chrome objects. (CAN-2005-2270)
Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.7.10 and are not vulnerable to these issues.