CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

Details Source

Mitre

Public Date

2009-06-11 00:00:00

Impact

Critical

Bugzilla

CVE-2009-1838 Firefox arbitrary code execution flaw

Bugzilla ID

503 580

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 4 (thunderbird) | RHSA-2009:1125 | 2009-06-25 |
| Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) | RHSA-2009:1126 | 2009-06-25 |
| Red Hat Enterprise Linux 5 | RHSA-2009:1095 | 2009-06-11 |
| Red Hat Enterprise Linux 5 (thunderbird) | RHSA-2009:1126 | 2009-06-25 |
| Red Hat Enterprise Linux 3 (seamonkey) | RHSA-2009:1096 | 2009-06-11 |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2009:1095 | 2009-06-11 |
| Red Hat Enterprise Linux 4 (seamonkey) | RHSA-2009:1096 | 2009-06-11 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux version 5 | xulrunner 1.9.0.11-3.el5_3 | Fixed |