CVE-2009-1838

EPSS 4.63%
Published 12.06.2009 21:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

Affected products Warnungen 0 Metrics 2 CWE 1 References 39

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 3.0.10

Mozilla ≫ Firefox Version0.1

Mozilla ≫ Firefox Version0.2

Mozilla ≫ Firefox Version0.3

Mozilla ≫ Firefox Version0.4

Mozilla ≫ Firefox Version0.5

Mozilla ≫ Firefox Version0.6

Mozilla ≫ Firefox Version0.6.1

Mozilla ≫ Firefox Version0.7

Mozilla ≫ Firefox Version0.7.1

Mozilla ≫ Firefox Version0.8

Mozilla ≫ Firefox Version0.9

Mozilla ≫ Firefox Version0.9 Updaterc

Mozilla ≫ Firefox Version0.9.1

Mozilla ≫ Firefox Version0.9.2

Mozilla ≫ Firefox Version0.9.3

Mozilla ≫ Firefox Version0.9_rc

Mozilla ≫ Firefox Version0.10

Mozilla ≫ Firefox Version0.10.1

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0 Updatepreview_release

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.0.6 Editionlinux

Mozilla ≫ Firefox Version1.0.7

Mozilla ≫ Firefox Version1.0.8

Mozilla ≫ Firefox Version1.4.1

Mozilla ≫ Firefox Version1.5

Mozilla ≫ Firefox Version1.5 Updatebeta1

Mozilla ≫ Firefox Version1.5 Updatebeta2

Mozilla ≫ Firefox Version1.5.0.1

Mozilla ≫ Firefox Version1.5.0.2

Mozilla ≫ Firefox Version1.5.0.3

Mozilla ≫ Firefox Version1.5.0.4

Mozilla ≫ Firefox Version1.5.0.5

Mozilla ≫ Firefox Version1.5.0.6

Mozilla ≫ Firefox Version1.5.0.7

Mozilla ≫ Firefox Version1.5.0.8

Mozilla ≫ Firefox Version1.5.0.9

Mozilla ≫ Firefox Version1.5.0.10

Mozilla ≫ Firefox Version1.5.0.11

Mozilla ≫ Firefox Version1.5.0.12

Mozilla ≫ Firefox Version1.5.1

Mozilla ≫ Firefox Version1.5.2

Mozilla ≫ Firefox Version1.5.3

Mozilla ≫ Firefox Version1.5.4

Mozilla ≫ Firefox Version1.5.5

Mozilla ≫ Firefox Version1.5.6

Mozilla ≫ Firefox Version1.5.7

Mozilla ≫ Firefox Version1.5.8

Mozilla ≫ Firefox Version1.8

Mozilla ≫ Firefox Version2.0

Mozilla ≫ Firefox Version2.0 Updatebeta_1

Mozilla ≫ Firefox Version2.0 Updatebeta1

Mozilla ≫ Firefox Version2.0 Updaterc2

Mozilla ≫ Firefox Version2.0 Updaterc3

Mozilla ≫ Firefox Version2.0.0.1

Mozilla ≫ Firefox Version2.0.0.2

Mozilla ≫ Firefox Version2.0.0.3

Mozilla ≫ Firefox Version2.0.0.4

Mozilla ≫ Firefox Version2.0.0.5

Mozilla ≫ Firefox Version2.0.0.6

Mozilla ≫ Firefox Version2.0.0.7

Mozilla ≫ Firefox Version2.0.0.8

Mozilla ≫ Firefox Version2.0.0.9

Mozilla ≫ Firefox Version2.0.0.10

Mozilla ≫ Firefox Version2.0.0.11

Mozilla ≫ Firefox Version2.0.0.12

Mozilla ≫ Firefox Version2.0.0.13

Mozilla ≫ Firefox Version2.0.0.14

Mozilla ≫ Firefox Version2.0.0.15

Mozilla ≫ Firefox Version2.0.0.16

Mozilla ≫ Firefox Version2.0.0.17

Mozilla ≫ Firefox Version2.0.0.18

Mozilla ≫ Firefox Version2.0.0.19

Mozilla ≫ Firefox Version2.0.0.20

Mozilla ≫ Firefox Version2.0.0.21

Mozilla ≫ Firefox Version2.0_.1

Mozilla ≫ Firefox Version2.0_.4

Mozilla ≫ Firefox Version2.0_.5

Mozilla ≫ Firefox Version2.0_.6

Mozilla ≫ Firefox Version2.0_.7

Mozilla ≫ Firefox Version2.0_.9

Mozilla ≫ Firefox Version2.0_.10

Mozilla ≫ Firefox Version2.0_8

Mozilla ≫ Firefox Version3.0

Mozilla ≫ Firefox Version3.0 Updatealpha

Mozilla ≫ Firefox Version3.0 Updatebeta2

Mozilla ≫ Firefox Version3.0 Updatebeta5

Mozilla ≫ Firefox Version3.0.1

Mozilla ≫ Firefox Version3.0.2

Mozilla ≫ Firefox Version3.0.3

Mozilla ≫ Firefox Version3.0.4

Mozilla ≫ Firefox Version3.0.5

Mozilla ≫ Firefox Version3.0.6

Mozilla ≫ Firefox Version3.0.7

Mozilla ≫ Firefox Version3.0.8

Mozilla ≫ Firefox Version3.0.9

Mozilla ≫ Firefox Version3.0beta5

Mozilla ≫ Seamonkey Version <= 1.1.16

Mozilla ≫ Seamonkey Version1.0

Mozilla ≫ Seamonkey Version1.0 Editionalpha

Mozilla ≫ Seamonkey Version1.0 Editionbeta

Mozilla ≫ Seamonkey Version1.0 Editiondev

Mozilla ≫ Seamonkey Version1.0 Updatealpha

Mozilla ≫ Seamonkey Version1.0 Updatebeta

Mozilla ≫ Seamonkey Version1.0.1

Mozilla ≫ Seamonkey Version1.0.3

Mozilla ≫ Seamonkey Version1.0.4

Mozilla ≫ Seamonkey Version1.0.6

Mozilla ≫ Seamonkey Version1.0.8

Mozilla ≫ Seamonkey Version1.0.9

Mozilla ≫ Seamonkey Version1.0.99

Mozilla ≫ Seamonkey Version1.1

Mozilla ≫ Seamonkey Version1.1 Updatealpha

Mozilla ≫ Seamonkey Version1.1 Updatebeta

Mozilla ≫ Seamonkey Version1.1.1

Mozilla ≫ Seamonkey Version1.1.3

Mozilla ≫ Seamonkey Version1.1.5

Mozilla ≫ Seamonkey Version1.1.5 Update1.1.10

Mozilla ≫ Seamonkey Version1.1.6

Mozilla ≫ Seamonkey Version1.1.7

Mozilla ≫ Seamonkey Version1.1.8

Mozilla ≫ Seamonkey Version1.1.9

Mozilla ≫ Seamonkey Version1.1.10

Mozilla ≫ Seamonkey Version1.1.11

Mozilla ≫ Seamonkey Version1.1.12

Mozilla ≫ Seamonkey Version1.1.13

Mozilla ≫ Seamonkey Version1.1.15

Mozilla ≫ Thunderbird Version <= 2.0.0.19

Mozilla ≫ Thunderbird Version0.1

Mozilla ≫ Thunderbird Version0.2

Mozilla ≫ Thunderbird Version0.3

Mozilla ≫ Thunderbird Version0.4

Mozilla ≫ Thunderbird Version0.5

Mozilla ≫ Thunderbird Version0.6

Mozilla ≫ Thunderbird Version0.7

Mozilla ≫ Thunderbird Version0.7.1

Mozilla ≫ Thunderbird Version0.7.2

Mozilla ≫ Thunderbird Version0.7.3

Mozilla ≫ Thunderbird Version0.8

Mozilla ≫ Thunderbird Version0.9

Mozilla ≫ Thunderbird Version1.0

Mozilla ≫ Thunderbird Version1.0.1

Mozilla ≫ Thunderbird Version1.0.2

Mozilla ≫ Thunderbird Version1.0.3

Mozilla ≫ Thunderbird Version1.0.4

Mozilla ≫ Thunderbird Version1.0.5

Mozilla ≫ Thunderbird Version1.0.5 Updatebeta

Mozilla ≫ Thunderbird Version1.0.6

Mozilla ≫ Thunderbird Version1.0.7

Mozilla ≫ Thunderbird Version1.0.8

Mozilla ≫ Thunderbird Version1.5

Mozilla ≫ Thunderbird Version1.5 Updatebeta2

Mozilla ≫ Thunderbird Version1.5.0.1

Mozilla ≫ Thunderbird Version1.5.0.2

Mozilla ≫ Thunderbird Version1.5.0.3

Mozilla ≫ Thunderbird Version1.5.0.4

Mozilla ≫ Thunderbird Version1.5.0.5

Mozilla ≫ Thunderbird Version1.5.0.6

Mozilla ≫ Thunderbird Version1.5.0.7

Mozilla ≫ Thunderbird Version1.5.0.8

Mozilla ≫ Thunderbird Version1.5.0.9

Mozilla ≫ Thunderbird Version1.5.0.10

Mozilla ≫ Thunderbird Version1.5.0.11

Mozilla ≫ Thunderbird Version1.5.0.12

Mozilla ≫ Thunderbird Version1.5.0.13

Mozilla ≫ Thunderbird Version1.5.0.14

Mozilla ≫ Thunderbird Version1.5.1

Mozilla ≫ Thunderbird Version1.5.2

Mozilla ≫ Thunderbird Version1.7.1

Mozilla ≫ Thunderbird Version1.7.3

Mozilla ≫ Thunderbird Version2.0.0.0

Mozilla ≫ Thunderbird Version2.0.0.1

Mozilla ≫ Thunderbird Version2.0.0.2

Mozilla ≫ Thunderbird Version2.0.0.3

Mozilla ≫ Thunderbird Version2.0.0.4

Mozilla ≫ Thunderbird Version2.0.0.5

Mozilla ≫ Thunderbird Version2.0.0.6

Mozilla ≫ Thunderbird Version2.0.0.7

Mozilla ≫ Thunderbird Version2.0.0.8

Mozilla ≫ Thunderbird Version2.0.0.9

Mozilla ≫ Thunderbird Version2.0.0.11

Mozilla ≫ Thunderbird Version2.0.0.12

Mozilla ≫ Thunderbird Version2.0.0.13

Mozilla ≫ Thunderbird Version2.0.0.14

Mozilla ≫ Thunderbird Version2.0.0.15

Mozilla ≫ Thunderbird Version2.0.0.16

Mozilla ≫ Thunderbird Version2.0.0.17

Mozilla ≫ Thunderbird Version2.0.0.18

Mozilla ≫ Thunderbird Version2.0_.4

Mozilla ≫ Thunderbird Version2.0_.5

Mozilla ≫ Thunderbird Version2.0_.6

Mozilla ≫ Thunderbird Version2.0_.9

Mozilla ≫ Thunderbird Version2.0_.12

Mozilla ≫ Thunderbird Version2.0_.13

Mozilla ≫ Thunderbird Version2.0_.14

Mozilla ≫ Thunderbird Version2.0_8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.63%	0.888

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.debian.org/security/2009/dsa-1830

http://secunia.com/advisories/35602

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275

http://secunia.com/advisories/35536

http://www.redhat.com/support/errata/RHSA-2009-1125.html

http://www.redhat.com/support/errata/RHSA-2009-1126.html

http://www.ubuntu.com/usn/usn-782-1

http://secunia.com/advisories/35561

http://secunia.com/advisories/35882

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408