Description: Two vulnerabilities have been reported in Mozilla, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An error in the restriction of privileged XUL files can e.g. be exploited to open a local privileged XUL file by tricking a user into dragging a faked scrollbar.
The vulnerability itself does not pose any direct security risk as no XUL files in the product use external parameters in an insecure way nor do any destructive actions when being opened.
2) A boundary error in the GIF image processing of Netscape extension 2 blocks can be exploited to cause a heap-based buffer overflow via a specially crafted image.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities have been reported in versions prior to 1.7.6.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
