Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 255234 (CVE-2009-0071) - www-client/mozilla-firefox<=3.0.5 (CVE-2009-0071)
Summary: www-client/mozilla-firefox<=3.0.5 (CVE-2009-0071)
Status: RESOLVED FIXED
Alias: CVE-2009-0071
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.mozilla.org/show_bug...
Whiteboard: B4 [glsa]
Keywords:
Depends on: CVE-2009-0352
Blocks:
  Show dependency tree
 
Reported: 2009-01-17 01:24 UTC by Stefan Behte (RETIRED)
Modified: 2013-01-08 01:02 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-17 01:24:26 UTC
CVE-2009-0071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071):
  Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is
  enabled, allows remote attackers to cause a denial of service (NULL
  pointer dereference and application crash) via a certain (a)
  replaceChild or (b) removeChild call, followed by a (1)
  queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm
  call.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 21:18:43 UTC
mozilla, please advice.
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2009-01-24 10:50:32 UTC
Planned release for 3.0.6 is 3-4 february.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-05 23:45:53 UTC
Ready to vote, I vote NO.
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 13:50:25 UTC
CVE-2009-2535 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535):
  Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and
  Thunderbird allow remote attackers to cause a denial of service
  (memory consumption and application crash) via a large integer value
  for the length property of a Select object, a related issue to
  CVE-2009-1692.

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-29 13:51:47 UTC
Gah, last comment should go to another bug.
Comment 6 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-09-16 13:17:23 UTC
Nothing for mozilla team to do here.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:55 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).