CVE-2009-1838
Firefox < 3.0.10 - Remote Code Execution via Garbage Collection Event Handler
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
References (36)
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-782-1
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
Vendor Advisory vendor-advisory
x_refsource_slackware
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1572
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-1096.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1830
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35536
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35602
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1125.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35326
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35440
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35428
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35431
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35331
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35468
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35439
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35882
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35415
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1095.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35383
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/55157
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35561
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=503580
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1820
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1126.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022397
Scores
EPSS: 0.0479
EPSS Percentile: 90.9%
Details
CWE: CWE-94
Status: published
Products (45)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 35 more
Published: Jun 12, 2009
Tracked Since: Feb 18, 2026