CVE-2009-0775 Information

Description

Double free vulnerability in Mozilla Firefox before 3.0.7 Thunderbird before 2.0.0.21 and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via \cloned XUL DOM elements which were linked as a parent and child\ which are not properly handled during garbage collection.

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34417 http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document http://www.debian.org/security/2009/dsa-1751 http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 http://www.mozilla.org/security/announce/2009/mfsa2009-08.html http://www.redhat.com/support/errata/RHSA-2009-0258.html http://www.redhat.com/support/errata/RHSA-2009-0315.html http://www.redhat.com/support/errata/RHSA-2009-0325.html http://www.securityfocus.com/bid/33990 http://www.securitytracker.com/id?1021796 http://www.vupen.com/english/advisories/2009/0632 https://bugzilla.mozilla.org/show_bug.cgi?id=474456 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5806 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5816 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6207 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7584 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9681 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html