From milw0rm: Mozilla Firefox 3.0.7 OnbeforeUnLoad DesignMode Dereference Crash (see URL for PoC code)
Exploit crashed non-bin Fx 3.0.7 here on amd64. Mozilla people, I'm sure you know the upstream bugzie better than I do, maybe you find an upstream bug or feel like opening one. ;)
CVE-2009-1044 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044): Unspecified vulnerability in Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
CVE-2009-1169 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169): The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox 3.0.7 and earlier allows remote attackers to cause a denial of service (crash) via an XML file with a crafted XSLT transform.
Arches, please test and mark stable:
=net-libs/xulrunner-1.9.0.8
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 x86"
=www-client/mozilla-firefox-3.0.8
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 x86"
=www-client/mozilla-firefox-bin-3.0.8
Target keywords : "amd64 x86"
Stable for HPPA.
ppc stable
=net-libs/xulrunner-1.9.0.8 =www-client/mozilla-firefox-3.0.8 stable on amd64 (-bin still remains)
ppc64 done
alpha/arm/ia64/x86 stable, sparc has nothing to do here
ping, amd64
rich0 made it amd64 stable 3 days ago.
(In reply to comment #10)
> rich0 made it amd64 stable 3 days ago.
not mozilla-firefox-bin
-bin done
Alright, already handled in glsamaker.
All done?
Nothing for mozilla team to do here, none of the affected versions are in-tree anymore.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).