The user interface event dispatcher in Mozilla Firefox 3.0.3 on
Windows XP SP2 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a series of
keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup
events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X
10.5 is also affected.
Confirmed to work on 3.0.3!
I'm not sure if this also could be A2 (remote code exec): http://www.securityfocus.com/bid/31476/discuss
3.0.1-r1 crashes (just closes) after freezing for about 5 seconds.
If it only affects the 3.x Firefoxes, it should be ~ rated, and severity changed.
I tested 22.214.171.124 now, the exploit does not do anything to it, so I'm changing it.
They do not mention it here:
Upstream release plan for 3.0.4:
There is a fix available, please provide an ebuild.
3.0.4 in tree, closing noglsa.