+++ This bug was initially created as a clone of Bug #284439 +++ MFSA 2009-47 (CVE-2009-{3069,3070,3071,3072,3073,3074,3075}): Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-49 (CVE-2009-3077): An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer. MFSA 2009-50 (CVE-2009-3078): Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site. Corrie Sloot also independently reported this issue to Mozilla. MFSA 2009-51 (CVE-2009-3079): Mozilla security researcher moz_bug_r_a4 reported that the BrowserFeedWriter could be leveraged to run JavaScript code from web content with elevated privileges. Using this vulnerability, an attacker could construct an object containing malicious JavaScript and cause the FeedWriter to process the object, running the malicious code with chrome privileges.
CVE-2009-3069 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069): Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3072 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3073): Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2009-3077 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077): Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." CVE-2009-3078 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078): Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. CVE-2009-3079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079): Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
The CVE listing and Summary indicate the correct list of issues fixed in 3.5.3, not the initial MSFA listing.
3.5.3 is in tree, in a couple of days I will remove 3.5.2 along with matching xulrunner.
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
Closing noglsa as this bug only affected ~arch users at the time.
