The complete list of vulnerabilities is avaialble down below:
– An unspecified error in the handling of "XPCNativeWrappers" can lead to the execution of arbitrary Javascript code with the user’s privileges via "setTimeout()" calls.
– Various errors in the handling of Javascript code can be exploited to conduct cross-site scripting attacks or execute arbitrary code.
– Various errors in the layout engine can be exploited to cause a memory corruption.
– Various errors in the Javascript engine can be exploited to cause a memory corruption. Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
– An error within the handling of HTTP "Referer:" headers sent with requests to URLs containing Basic Authentication credentials having an empty username can be exploited to bypass cross-site request forgery protections.
– The problem is that Firefox offers a previously configured private SSL certificate when establishing connections to webservers requesting SSL Client Authentication. This can potentially be exploited to disclose sensitive information via a malicious webserver.
– An error in the handling of the "jar:" protocol can be exploited to establish connections to arbitrary ports on the local machine.
– An error when displaying XUL pop-up windows can be exploited to hide the window’s borders and facilitate phishing attacks.