Description
A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web
page containing a malicious Ogg Vorbis media file could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2012-0444)
A flaw was found in the way Firefox parsed certain Scalable Vector Graphics
(SVG) image files that contained eXtensible Style Sheet Language
Transformations (XSLT). A web page containing a malicious SVG image file
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2012-0449)
The same-origin policy in Firefox treated http://example.com and
http://[example.com] as interchangeable. A malicious script could possibly
use this flaw to gain access to sensitive information (such as a client's
IP and user e-mail address, or httpOnly cookies) that may be included in
HTTP proxy error replies, generated in response to invalid URLs using
square brackets. (CVE-2011-3670)