Summary: | <www-client/mozilla-firefox-3.5.3 Multiple vulnerabilities (CVE-2009-{3069,3072,3073,3077,3078,3079}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | gentoo.bugs.10, n-roeser |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.3 | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2009-09-10 09:04:41 UTC
CVE-2009-3069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3073): Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077): Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."

CVE-2009-3078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078): Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

CVE-2009-3079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079): Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

The CVE listing and Summary indicate the correct list of issues fixed in 3.5.3, not the initial MFSA listing.

3.5.3 is in tree; in a couple of days I will remove 3.5.2 along with the matching xulrunner.

Nothing for mozilla team to do here; none of the affected versions/packages are in-tree anymore.

Closing noglsa as this bug only affected ~arch users at the time.