Description
A flaw was found in the way the Gopher parser in Firefox converted text
into HTML. A malformed file name on a Gopher server could, when accessed by
a victim running Firefox, allow arbitrary JavaScript to be executed in the
context of the Gopher domain. (CVE-2010-3177)
A same-origin policy bypass flaw was found in Firefox. An attacker could
create a malicious web page that, when viewed by a victim, could steal
private data from a different website the victim had loaded with Firefox.
(CVE-2010-3178)
A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH
variable was appending a "." character, which could allow a local attacker
to execute arbitrary code with the privileges of a different user running
Firefox, if that user ran Firefox from within an attacker-controlled
directory. (CVE-2010-3182)