Published: 12/06/2009 Updated: 02/02/2024

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 prior to 3.0.11 might allow remote malicious users to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
debian debian linux 5.0
fedoraproject fedora 10
fedoraproject fedora 9
redhat enterprise linux server 5.0
redhat enterprise linux 4.0
redhat enterprise linux workstation 5.0
redhat enterprise linux 5.0
redhat enterprise linux desktop 4.0
redhat enterprise linux desktop 5.0
redhat enterprise linux server 4.0
redhat enterprise linux workstation 4.0
redhat enterprise linux server aus 5.3
redhat enterprise linux eus 5.3
redhat enterprise linux eus 4.8

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team ...

Several flaws were discovered in the browser and JavaScript engines of Firefox If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838 ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1392 Several issues in the browser engine have been discovered, which can result in the execution of arbitrary ...

Mozilla Foundation Security Advisory 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object Announced June 11, 2009 Reporter Jakob Balle, Carsten Eiram Impact Critical Products Firefox ...

CWE-362 CWE-416 https://bugzilla.redhat.com/show_bug.cgi?id=503579 http://secunia.com/advisories/35431 http://www.vupen.com/english/advisories/2009/1572 http://secunia.com/secunia_research/2009-19/http://secunia.com/advisories/34241 https://rhn.redhat.com/errata/RHSA-2009-1095.html http://www.securityfocus.com/bid/35326 https://bugzilla.mozilla.org/show_bug.cgi?id=486269 http://www.mozilla.org/security/announce/2009/mfsa2009-28.html http://secunia.com/advisories/35331 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html http://www.securitytracker.com/id?1022386 http://www.securityfocus.com/bid/35360 http://secunia.com/advisories/35468 http://www.debian.org/security/2009/dsa-1820 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 http://secunia.com/advisories/35415 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10628 http://www.securityfocus.com/archive/1/504260/100/0/threaded https://access.redhat.com/errata/RHSA-2009:1095 https://usn.ubuntu.com/779-1/https://nvd.nist.gov

CVE-2009-1837

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect