6 matches found
FreeBSD : mozilla -- multiple vulnerabilities (a1050b8b-6db3-11e1-8b37-0011856a6e37)
The Mozilla Project reports: MFSA 2012-13 XSS with Drag and Drop and Javascript: URL; MFSA 2012-14 SVG issues found with Address Sanitizer; MFSA 2012-15 XSS with multiple Content Security Policy headers; MFSA 2012-16 Escalation of privilege with Javascript: URL as home page; MFSA 2012-17 Crash when...
CVE-2012-0460
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a craft...
Code injection
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a craft...
CVE-2012-0460
CVE-2012-0460 affects Mozilla Firefox 4.x–10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0–10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8. The issue arises from insufficiently restricting write access to the window.fullScreen object, enabling remote pages to spoof the use...
Mozilla Releases Firefox 11, Fixes Pwn2Own Bug
Mozilla has released Firefox 11 and acknowledged that the security vulnerability that a pair of researchers used in the Pwn2Own contest last week was one that the company already was aware of and working on repairing. The bug that researchers Willem Pinckaers and Vincenzo Iozzo used to compromise...
window.fullScreen writeable by untrusted content — Mozilla
Mozilla developer Matt Brubeck reported that window.fullScreen is writeable by untrusted content now that the DOM fullscreen API is enabled. Because window.fullScreen does not include mozRequestFullscreen's security protections, it could be used for UI spoofing. This code change makes...