Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox
before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12,
allows remote attackers to hijack the authentication of arbitrary
users for requests that were initiated by a plugin and received a
307 redirect to a page on a different web site. (CVE-2011-0059)

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
to execute arbitrary code or cause a denial of service (application
crash) via a crafted JPEG image. (CVE-2011-0061)

The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey
before 2.0.12 does not properly sanitize HTML in a chrome document,
which makes it easier for remote attackers to execute arbitrary
JavaScript with chrome privileges via a javascript: URI in input to
an extension, as demonstrated by a javascript:alert sequence in (1)
the HREF attribute of an A element or (2) the ACTION attribute of a
FORM element. (CVE-2010-1585)

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before
3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote
attackers to execute arbitrary code or cause a denial of service
(memory corruption) via a long string that triggers construction of
a long text run. (CVE-2011-0058)

Use-after-free vulnerability in the Web Workers implementation
in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14,
and SeaMonkey before 2.0.12, allows remote attackers to execute
arbitrary code via vectors related to a JavaScript Worker and garbage
collection. (CVE-2011-0057)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
exception timing and a large number of string values, aka an atom
map issue. (CVE-2011-0056)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
non-local JavaScript variables, aka an upvarMap issue. (CVE-2011-0054)

Use-after-free vulnerability in the JSON.stringify method in Mozilla
Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before
2.0.12, might allow remote attackers to execute arbitrary code via
unspecified vectors. (CVE-2011-0055)

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey
before 2.0.12, does not properly handle certain recursive eval calls,
which makes it easier for remote attackers to force a user to respond
positively to a dialog question, as demonstrated by a question about
granting privileges. (CVE-2011-0051)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors. (CVE-2011-0062)

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.