CVE-2009-3981: Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a…

CVE-2009-3981 [HIGH] GHSA-3rf9-fc8c-hj8h: Unspecified vulnerability in the browser engine in Mozilla Firefox before 3 Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

[CRITICAL] Firefox 3.0 and Xulrunner 1.9 regression Title: Firefox 3.0 and Xulrunner 1.9 regression Summary: Firefox 3.0 and Xulrunner 1.9 regression USN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and adds additional stability fixes. We apologize for the inconvenience. Original advisory details: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) Takehiro Takahashi discovere

CVE-2009-3979 [CRITICAL] Firefox 3.0 and Xulrunner 1.9 vulnerabilities Title: Firefox 3.0 and Xulrunner 1.9 vulnerabilities Summary: Firefox 3.0 and Xulrunner 1.9 vulnerabilities Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not

CVE-2009-3981 [CRITICAL] Mozilla crashes with evidence of memory corruption Mozilla crashes with evidence of memory corruption Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2009-3981 [CRITICAL] CVE-2009-3981 Mozilla crashes with evidence of memory corruption CVE-2009-3981 Mozilla crashes with evidence of memory corruption Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jesse Ruderman reported a crash in the browser engine which only affected Firefox 3. Discussion: This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:1674 https://rhn.redhat.com/errata/RHSA-2009-1674.html