CVE-2009-1838 Information
Description
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element’s owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Reference
http://osvdb.org/55157
http://rhn.redhat.com/errata/RHSA-2009-1096.html
http://secunia.com/advisories/35331
http://secunia.com/advisories/35415
http://secunia.com/advisories/35428
http://secunia.com/advisories/35431
http://secunia.com/advisories/35439
http://secunia.com/advisories/35440
http://secunia.com/advisories/35468
http://secunia.com/advisories/35536
http://secunia.com/advisories/35561
http://secunia.com/advisories/35602
http://secunia.com/advisories/35882
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1820
http://www.debian.org/security/2009/dsa-1830
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.securityfocus.com/bid/35326
http://www.securityfocus.com/bid/35383
http://www.securitytracker.com/id?1022397
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://www.ubuntu.com/usn/usn-782-1
http://www.vupen.com/english/advisories/2009/1572
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
https://bugzilla.redhat.com/show_bug.cgi?id=503580
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11080
https://rhn.redhat.com/errata/RHSA-2009-1095.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html