[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-0775Date: (C)2009-03-04   (M)2024-03-27


Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021796
BID-33990
SECUNIA-34137
SECUNIA-34140
SECUNIA-34145
SECUNIA-34272
SECUNIA-34324
SECUNIA-34383
SECUNIA-34417
ADV-2009-0632
DSA-1751
FEDORA-2009-2882
FEDORA-2009-2884
MDVSA-2009:075
RHSA-2009:0258
RHSA-2009:0315
RHSA-2009:0325
SUSE-SA:2009:012
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
https://bugzilla.mozilla.org/show_bug.cgi?id=474456
oval:org.mitre.oval:def:5806
oval:org.mitre.oval:def:5816
oval:org.mitre.oval:def:6207
oval:org.mitre.oval:def:7584
oval:org.mitre.oval:def:9681

CPE    88
cpe:/a:mozilla:thunderbird:2.0.0.18
cpe:/a:mozilla:thunderbird:2.0.0.19
cpe:/a:mozilla:thunderbird:2.0.0.14
cpe:/a:mozilla:thunderbird:2.0.0.16
...
CWE    1
CWE-399
OVAL    71
oval:org.mitre.oval:def:5816
oval:org.mitre.oval:def:5806
oval:org.mitre.oval:def:6207
oval:org.secpod.oval:def:202060
...

© SecPod Technologies