===================================
Mozilla Security Advisory MSA05-002
===================================

Title:      Opened attachments are temporarily saved world-readable
Severity:   Moderate (on a multiuser computer)
Reporter:   danielk
Fixed in:   Firefox 1.0
            Thunderbird 0.9
            Mozilla Suite 1.7.5
Vulnerable: Firefox 0.9
            Thunderbird 0.6
            Mozilla 1.7

Description
-----------
Mozilla software released after March 2004 saves some temporary files
with world-readable permissions. In the browser this is primarily
content fed to helper applications (for example, PDF files), and in the
mail clients it is attachments.

Workaround
----------
Do not open sensitive mail attachments on a shared multiuser machine.
Upgrade to fixed version.

References
----------
https://bugzilla.mozilla.org/show_bug.cgi?id=251297
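The permission problem in MSA05-002, shown as an added example that is not Mozilla's code or part of the advisory: a temporary file written with a world-readable mode next to one created with mkstemp, plus a check that lists regular files in a directory that other local users can read. The file name, the 0644 mode and all function names are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def world_readable_files(directory):
    """Return sorted names of regular files in `directory` readable by 'other'."""
    exposed = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
            exposed.append(entry.name)
    return sorted(exposed)


def save_unsafe(directory, name, data):
    """Weak pattern: a predictable name and a mode that lets any local user read."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    # Assumed mode; set explicitly so the demo does not depend on the umask.
    os.chmod(path, 0o644)
    return path


def save_private(directory, suffix, data):
    """Hardened pattern: mkstemp creates the file exclusively with mode 0600."""
    fd, path = tempfile.mkstemp(suffix=suffix, dir=directory)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


def demo():
    """Write one file each way into a scratch directory and audit it."""
    with tempfile.TemporaryDirectory() as scratch:
        save_unsafe(scratch, "attachment.pdf", b"constructed sample data")
        private = save_private(scratch, ".pdf", b"constructed sample data")
        private_mode = stat.S_IMODE(os.stat(private).st_mode)
        return world_readable_files(scratch), private_mode


if __name__ == "__main__":
    exposed, private_mode = demo()
    print("world-readable:", exposed)
    print("mkstemp mode:", oct(private_mode))
```

On a shared machine, world_readable_files can be pointed at the directory where the application stores opened attachments to confirm that an upgrade closed the exposure.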
===================================
Mozilla Security Advisory MSA05-006
===================================

Title:      Heap overrun handling malicious news: URL
Severity:   High
Reporter:   Maurycy Prodeus (iSEC Security Research)
Fixed in:   Thunderbird 0.9
            Mozilla Suite 1.7.5

Description
-----------
Maurycy Prodeus of iSEC Security Research reports a heap overrun in
processing certain news: URLs. Thunderbird and the Mozilla Suite are
affected; Firefox does not support the news: scheme.

Workaround
----------
Upgrade to fixed version.

References
----------
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=264388
The issue described in comment #1 is CAN-2004-1316
===================================
Mozilla Security Advisory MSA05-008
===================================

Title:      Synthetic middle-click event can steal clipboard contents
Severity:   Moderate
Reporter:   Jesse Ruderman
Fixed in:   Firebird 1.0
            Mozilla Suite 1.7.5

Description
-----------
Script-generated middle-click events can steal clipboard contents on
systems where that action is a paste. Middle-click paste is the default
behavior on Unix systems, and a hidden option elsewhere.

Workaround
----------
Disable JavaScript or upgrade to fixed version.

References
----------
https://bugzilla.mozilla.org/show_bug.cgi?id=265728
Fixed in fc3 updates already.