CVE-2009-1838

Firefox < 3.0.10 - Remote Code Execution via Garbage Collection Event Handler


Description

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

References (36)

Core References
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-782-1
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1572
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-1096.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1830
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35536
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35602
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1125.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35326
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35440
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35428
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35431
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35331
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35468
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35439
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35882
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35415
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1095.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35383
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55157
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35561
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=503580
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1820
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1126.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022397

Scores

EPSS 0.0479
EPSS Percentile 90.9%

Details

CWE
CWE-94
Status published
Products (45)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 35 more
Published Jun 12, 2009
Tracked Since Feb 18, 2026