CVE-2009-1571 Information

Description

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8 Thunderbird before 3.0.2 and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38770 http://secunia.com/advisories/38772 http://secunia.com/advisories/38847 http://secunia.com/secunia_research/2009-45/ http://www.debian.org/security/2010/dsa-1999 http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 http://www.mandriva.com/security/advisories?name=MDVSA-2010:051 http://www.mozilla.org/security/announce/2010/mfsa2010-03.html http://www.redhat.com/support/errata/RHSA-2010-0112.html http://www.redhat.com/support/errata/RHSA-2010-0113.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html http://www.securityfocus.com/archive/1/509585/100/0/threaded http://www.ubuntu.com/usn/USN-895-1 http://www.ubuntu.com/usn/USN-896-1 http://www.vupen.com/english/advisories/2010/0405 http://www.vupen.com/english/advisories/2010/0650 https://bugzilla.mozilla.org/show_bug.cgi?id=526500 https://exchange.xforce.ibmcloud.com/vulnerabilities/56361 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11227 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8615