Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
02 Feb 2024, 16:03
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 7.5 |
CWE | CWE-416 | |
First Time |
Redhat enterprise Linux Server Aus
Debian debian Linux Redhat enterprise Linux Server Debian Redhat Redhat enterprise Linux Eus Fedoraproject fedora Redhat enterprise Linux Workstation Redhat enterprise Linux Fedoraproject Redhat enterprise Linux Desktop |
|
CPE | cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* |
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10628 - Broken Link | |
References | (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 - Broken Link | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html - Mailing List | |
References | (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/35331 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35415 - Broken Link | |
References | (CONFIRM) https://bugzilla.mozilla.org/show_bug.cgi?id=486269 - Exploit, Issue Tracking | |
References | (DEBIAN) http://www.debian.org/security/2009/dsa-1820 - Mailing List, Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html - Mailing List | |
References | (SECUNIA) http://secunia.com/advisories/35431 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/34241 - Broken Link, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/35360 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id?1022386 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=503579 - Issue Tracking | |
References | (MISC) http://secunia.com/secunia_research/2009-19/ - Broken Link, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/1572 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35468 - Broken Link | |
References | (REDHAT) https://rhn.redhat.com/errata/RHSA-2009-1095.html - Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/504260/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/35326 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2009-06-12 21:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1837
Mitre link : CVE-2009-1837
CVE.ORG link : CVE-2009-1837
JSON object : View
Products Affected
redhat
- enterprise_linux
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_workstation
debian
- debian_linux
mozilla
- firefox
fedoraproject
- fedora