Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
02 Feb 2024, 16:03
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/34241 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/35331 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/35415 - Broken Link | |
References | () http://secunia.com/advisories/35431 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/35468 - Broken Link | |
References | () http://secunia.com/secunia_research/2009-19/ - Broken Link, Vendor Advisory | |
References | () http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 - Broken Link | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 - Broken Link | |
References | () http://www.debian.org/security/2009/dsa-1820 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/504260/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/35326 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/35360 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1022386 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2009/1572 - Broken Link, Vendor Advisory | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=486269 - Exploit, Issue Tracking | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=503579 - Issue Tracking | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10628 - Broken Link | |
References | () https://rhn.redhat.com/errata/RHSA-2009-1095.html - Third Party Advisory | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html - Mailing List | |
First Time |
Redhat enterprise Linux
Debian Redhat enterprise Linux Eus Redhat Redhat enterprise Linux Desktop Redhat enterprise Linux Server Debian debian Linux Fedoraproject fedora Fedoraproject Redhat enterprise Linux Server Aus Redhat enterprise Linux Workstation |
|
CWE | CWE-416 | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 7.5 |
CPE | cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* |
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:* |
Information
Published : 2009-06-12 21:30
Updated : 2024-02-02 16:03
NVD link : CVE-2009-1837
Mitre link : CVE-2009-1837
CVE.ORG link : CVE-2009-1837
JSON object : View
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux
- enterprise_linux_eus
debian
- debian_linux
mozilla
- firefox
fedoraproject
- fedora