A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey
The vulnerabilities are reported in Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16.
A weakness and multiple vulnerabilities have been reported in Mozilla Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.
Secunia Advisory SA52280
Mozilla Security Advisory 2013-21
An out-of-bounds read can be triggered in mozilla::image::RasterImage::DrawFrameTo() when rendering GIF images to potentially access potentially sensitive data that is ostensibly inaccesible.
A WebIDL object can be wrapped multiple times to overwrite the existing wrapped state and potentially execute arbitrary code.
Some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW) can be bypassed to obtain information from chrome objects and possibly execute arbitrary code.
A remote user can create a specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
A remote user can determine the file system location of the active browser profile.
A remote proxy server can return a 407 response. When the user cancels the proxy's authentication prompt, the addressbar will continue to show the requested HTTPS URL.