CVE

CVE-2009-1838
Date: (C)2009-06-12   (M)2024-02-16


The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1022397
SUNALERT-264308
BID-35326
SECUNIA-35331
BID-35383
SECUNIA-35415
SECUNIA-35428
SECUNIA-35431
SECUNIA-35439
SECUNIA-35440
SECUNIA-35468
SECUNIA-35536
SECUNIA-35561
SECUNIA-35602
SECUNIA-35882
OSVDB-55157
ADV-2009-1572
DSA-1820
DSA-1830
FEDORA-2009-6366
FEDORA-2009-6411
FEDORA-2009-7567
FEDORA-2009-7614
MDVSA-2009:141
RHSA-2009:1095
RHSA-2009:1096
RHSA-2009:1125
RHSA-2009:1126
SSA:2009-167-01
SSA:2009-176-01
SSA:2009-178-01
USN-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
https://bugzilla.redhat.com/show_bug.cgi?id=503580
oval:org.mitre.oval:def:11080

CPE    170
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:thunderbird:1.0
cpe:/a:mozilla:thunderbird:1.5
...
CWE    1
CWE-94
OVAL    62
oval:org.secpod.oval:def:102269
oval:org.secpod.oval:def:101604
oval:org.secpod.oval:def:500690
oval:org.secpod.oval:def:200467
...

© SecPod Technologies