MFSA 2009-47 (CVE-2009-{3069,3070,3071,3072,3073,3074,3075}): Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-49 (CVE-2009-3077): An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2009-50 (CVE-2009-3078): Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site. Corrie Sloot also independently reported this issue to Mozilla. MFSA 2009-51 (CVE-2009-3079): Mozilla security researcher moz_bug_r_a4 reported that the BrowserFeedWriter could be leveraged to run JavaScript code from web content with elevated privileges. Using this vulnerability, an attacker could construct an object containing malicious JavaScript and cause the FeedWriter to process the object, running the malicious code with chrome privileges.
MFSA 2009-48 (CVE-2009-3076): Mozilla security researcher Jesse Ruderman reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 module and affect the cryptographic integrity of the victim's browser. Security researcher Dan Kaminsky reported that this issue had not been fixed in Firefox 3.0 and that under certain circumstances pkcs11 modules could be installed from a remote location.
=net-libs/xulrunner-1.9.0.14 =www-client/mozilla-firefox[-bin]-3.0.14 in the tree
Arches, please test and mark stable: =www-client/mozilla-firefox-3.0.14 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =net-libs/xulrunner-1.9.0.14 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" =www-client/mozilla-firefox-bin-3.0.14 Target keywords : "amd64 x86"
x86 stable
CVE-2009-3070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074): Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075): Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076): Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. CVE-2009-3077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077): Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." CVE-2009-3078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078): Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. CVE-2009-3079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079): Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
The CVE listing and Summary indicate the correct list of issues fixed in 3.0.14, not the initial MSFA listing.
alpha/arm/ia64/sparc stable
amd64 stable
ppc64 done
Stable for HPPA.
Marked ppc stable.
This will be added to a pending glsa.
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).