Secunia

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system.

1) Some unspecified errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.

2) An error when handling very long strings passed to "document.write" can be exploited to overwrite sections of the stack memory and potentially execute arbitrary code.

3) The "locationbar" property of a "window" object is accessible after it has been closed, which can be exploited to e.g. execute arbitrary code.

4) A missing sanity check within the "LookupGetterorSetter()" function when creating or deleting a JavaScript object can result in a dangling pointer being passed to the "JS_ValueToId()" function, which can be exploited to execute arbitrary code by e.g. calling "window.__lookupGetter__" with no arguments.

5) An error within the Gopher parser when generating HTML tags from text can be exploited to conduct cross-site scripting attacks.

6) An error when handling modal calls via "javascript:" URLs can be exploited to bypass the same-origin policy and e.g. gain access to potentially sensitive information from another website.

7) A vulnerability is caused due to the use of vulnerable Network Security Services (NSS) code.

For more information:
SA41237

8) A function uses relative paths to load libraries, which can be exploited to execute arbitrary code by e.g. tricking a user into running the application in a directory containing a malicious library.

Note: This only affects the Windows version.

9) A security issue is caused due to the launch script insecurely setting the environment variable LD_LIBRARY_PATH. This can be exploited to execute arbitrary code e.g. by tricking a user into running the script in a directory containing a malicious library.

Note: This only affects the Linux version.

10) The SSL implementation permits the use of Diffie-Hellman Ephemeral (DHE) with insufficiently secure keys.

Solution
Update to version 3.5.14 or 3.6.11.

Provided and/or discovered by
4) regenrecht, via ZDI
7) Richard Moore and Simon Ward, Westpoint Limited

The vendor credits:
1) Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, and Siddharth Agarwal
2) Alexander Miller
3) Sergey Glazunov
5) Robert Swiecki, Google
6) Eduardo Vela Nava
8) Ehsan Akhgari, Mozilla
9) Dmitri Gribenko
10) Nelson Bolyard, Mozilla

Changelog
Further details available in Customer Area

Original Advisory
Mozilla:
http://www.mozilla.org/security/announce/2010/mfsa2010-64.html
http://www.mozilla.org/security/announce/2010/mfsa2010-65.html
http://www.mozilla.org/security/announce/2010/mfsa2010-66.html
http://www.mozilla.org/security/announce/2010/mfsa2010-67.html
http://www.mozilla.org/security/announce/2010/mfsa2010-68.html
http://www.mozilla.org/security/announce/2010/mfsa2010-69.html
http://www.mozilla.org/security/announce/2010/mfsa2010-70.html
http://www.mozilla.org/security/announce/2010/mfsa2010-71.html
http://www.mozilla.org/security/announce/2010/mfsa2010-72.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-219/

Westpoint Limited:
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area