Mandriva Linux Security Advisory 2009-084 - Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8. This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates.
7337027c6d9eab4a1b99091201ccfc3d20e82590fc265a2fca649cc8d927d330
Zero Day Initiative Advisory 09-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the XUL tree method _moveToEdgeShift(). In some cases this call will trigger garbage collection routines on in use objects which will result in a future call to a dangling pointer. This can be leveraged to execute arbitrary code under the context of the current user.
3724f5c1eebf4bf4363f9863b128d77eea5832e13ed30fc3630b4dc48d27f13b
Debian Security Advisory 1756-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
25ae987122b9503b07f7231a697f4f52d1aa0dd70a0fbd140f45e0412035da2e
Ubuntu Security Notice USN-745-1 - It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. A flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program.
0163025e9b14eb8932b5e588c489caff43377a23cfbe2530118a9d37258afaa3