Bug 284439 (CVE-2009-3070) - <www-client/mozilla-firefox-3.0.14 Multiple vulnerabilities (CVE-2009-{3070,3071,3072,3074,3075,3076,3077,3078,3079})
Status: RESOLVED FIXED
Alias: CVE-2009-3070
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.mozilla.org/security/known...
Whiteboard: A2 [glsa]
Reported: 2009-09-10 09:03 UTC by Alex Legler (RETIRED)
Modified: 2013-01-08 01:03 UTC

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-10 09:03:20 UTC
MFSA 2009-47 (CVE-2009-{3069,3070,3071,3072,3073,3074,3075}):
Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

MFSA 2009-49 (CVE-2009-3077):
An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer.

MFSA 2009-50 (CVE-2009-3078):
Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site.
Corrie Sloot also independently reported this issue to Mozilla.

MFSA 2009-51 (CVE-2009-3079):
Mozilla security researcher moz_bug_r_a4 reported that the BrowserFeedWriter could be leveraged to run JavaScript code from web content with elevated privileges. Using this vulnerability, an attacker could construct an object containing malicious JavaScript and cause the FeedWriter to process the object, running the malicious code with chrome privileges.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-10 09:09:14 UTC
MFSA 2009-48 (CVE-2009-3076):
Mozilla security researcher Jesse Ruderman reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 module and affect the cryptographic integrity of the victim's browser.

Security researcher Dan Kaminsky reported that this issue had not been fixed in Firefox 3.0 and that under certain circumstances pkcs11 modules could be installed from a remote location.
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2009-09-10 18:06:55 UTC
=net-libs/xulrunner-1.9.0.14
=www-client/mozilla-firefox[-bin]-3.0.14
in the tree
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-10 18:33:05 UTC
Arches, please test and mark stable:
=www-client/mozilla-firefox-3.0.14
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=net-libs/xulrunner-1.9.0.14
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

=www-client/mozilla-firefox-bin-3.0.14
Target keywords : "amd64 x86"
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2009-09-10 22:06:27 UTC
x86 stable
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-11 08:47:56 UTC
CVE-2009-3070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 3.0.14 allow remote attackers to cause a denial of
  service (memory corruption and application crash) or possibly execute
  arbitrary code via unknown vectors.

CVE-2009-3071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers
  to cause a denial of service (memory corruption and application
  crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072):
  Multiple unspecified vulnerabilities in the browser engine in Mozilla
  Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers
  to cause a denial of service (memory corruption and application
  crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3074 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074):
  Unspecified vulnerability in the JavaScript engine in Mozilla Firefox
  before 3.0.14 allows remote attackers to cause a denial of service
  (memory corruption and application crash) or possibly execute
  arbitrary code via unknown vectors.

CVE-2009-3075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075):
  Multiple unspecified vulnerabilities in the JavaScript engine in
  Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote
  attackers to cause a denial of service (memory corruption and
  application crash) or possibly execute arbitrary code via unknown
  vectors.

CVE-2009-3076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076):
  Mozilla Firefox before 3.0.14 does not properly implement certain
  dialogs associated with the (1) pkcs11.addmodule and (2)
  pkcs11.deletemodule operations, which makes it easier for remote
  attackers to trick a user into installing or removing an arbitrary
  PKCS11 module.

CVE-2009-3077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077):
  Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not
  properly manage pointers for the columns (aka TreeColumns) of a XUL
  tree element, which allows remote attackers to execute arbitrary code
  via a crafted HTML document, related to a "dangling pointer
  vulnerability."

CVE-2009-3078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078):
  Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and
  3.5.x before 3.5.3, allows remote attackers to trigger a vertical
  scroll and spoof URLs via unspecified Unicode characters with a tall
  line-height property.

CVE-2009-3079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079):
  Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x
  before 3.5.3, allows remote attackers to execute arbitrary JavaScript
  with chrome privileges via vectors involving an object, the
  FeedWriter, and the BrowserFeedWriter.

Comment 6 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-11 08:51:11 UTC
The CVE listing and Summary indicate the correct list of issues fixed in 3.0.14, not the initial MFSA listing.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-09-11 16:30:07 UTC
alpha/arm/ia64/sparc stable
Comment 8 Markus Meier gentoo-dev 2009-09-11 20:37:07 UTC
amd64 stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-09-13 13:10:11 UTC
ppc64 done
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2009-09-13 14:24:15 UTC
Stable for HPPA.
Comment 11 Joe Jezak (RETIRED) gentoo-dev 2009-09-15 17:24:35 UTC
Marked ppc stable.
Comment 12 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-06 15:27:37 UTC
This will be added to a pending glsa.
Comment 13 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-09-16 13:36:17 UTC
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:03:31 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).