CVE-2009-1838

critical

Description

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

References

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html

https://rhn.redhat.com/errata/RHSA-2009-1095.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080

https://bugzilla.redhat.com/show_bug.cgi?id=503580

https://bugzilla.mozilla.org/show_bug.cgi?id=489131

http://www.vupen.com/english/advisories/2009/1572

http://www.ubuntu.com/usn/usn-782-1

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275

http://www.securitytracker.com/id?1022397

http://www.securityfocus.com/bid/35383

http://www.securityfocus.com/bid/35326

http://www.redhat.com/support/errata/RHSA-2009-1126.html

http://www.redhat.com/support/errata/RHSA-2009-1125.html

http://www.mozilla.org/security/announce/2009/mfsa2009-29.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

http://www.debian.org/security/2009/dsa-1830

http://www.debian.org/security/2009/dsa-1820

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468

http://secunia.com/advisories/35882

http://secunia.com/advisories/35602

http://secunia.com/advisories/35561

http://secunia.com/advisories/35536

http://secunia.com/advisories/35468

http://secunia.com/advisories/35440

http://secunia.com/advisories/35439

http://secunia.com/advisories/35431

http://secunia.com/advisories/35428

http://secunia.com/advisories/35415

http://secunia.com/advisories/35331

http://rhn.redhat.com/errata/RHSA-2009-1096.html

http://osvdb.org/55157

Details

Source: Mitre, NVD

Published: 2009-06-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical