9.3

CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 3.0.10
MozillaFirefox Version0.1
MozillaFirefox Version0.2
MozillaFirefox Version0.3
MozillaFirefox Version0.4
MozillaFirefox Version0.5
MozillaFirefox Version0.6
MozillaFirefox Version0.6.1
MozillaFirefox Version0.7
MozillaFirefox Version0.7.1
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.9_rc
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0 Updatepreview_release
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.6 Editionlinux
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.4.1
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaFirefox Version1.5.0.8
MozillaFirefox Version1.5.0.9
MozillaFirefox Version1.5.0.10
MozillaFirefox Version1.5.0.11
MozillaFirefox Version1.5.0.12
MozillaFirefox Version1.5.1
MozillaFirefox Version1.5.2
MozillaFirefox Version1.5.3
MozillaFirefox Version1.5.4
MozillaFirefox Version1.5.5
MozillaFirefox Version1.5.6
MozillaFirefox Version1.5.7
MozillaFirefox Version1.5.8
MozillaFirefox Version1.8
MozillaFirefox Version2.0
MozillaFirefox Version2.0 Updatebeta_1
MozillaFirefox Version2.0 Updatebeta1
MozillaFirefox Version2.0 Updaterc2
MozillaFirefox Version2.0 Updaterc3
MozillaFirefox Version2.0.0.1
MozillaFirefox Version2.0.0.2
MozillaFirefox Version2.0.0.3
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaFirefox Version2.0.0.7
MozillaFirefox Version2.0.0.8
MozillaFirefox Version2.0.0.9
MozillaFirefox Version2.0.0.10
MozillaFirefox Version2.0.0.11
MozillaFirefox Version2.0.0.12
MozillaFirefox Version2.0.0.13
MozillaFirefox Version2.0.0.14
MozillaFirefox Version2.0.0.15
MozillaFirefox Version2.0.0.16
MozillaFirefox Version2.0.0.17
MozillaFirefox Version2.0.0.18
MozillaFirefox Version2.0.0.19
MozillaFirefox Version2.0.0.20
MozillaFirefox Version2.0.0.21
MozillaFirefox Version2.0_.1
MozillaFirefox Version2.0_.4
MozillaFirefox Version2.0_.5
MozillaFirefox Version2.0_.6
MozillaFirefox Version2.0_.7
MozillaFirefox Version2.0_.9
MozillaFirefox Version2.0_.10
MozillaFirefox Version2.0_8
MozillaFirefox Version3.0
MozillaFirefox Version3.0 Updatealpha
MozillaFirefox Version3.0 Updatebeta2
MozillaFirefox Version3.0 Updatebeta5
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
MozillaFirefox Version3.0.6
MozillaFirefox Version3.0.7
MozillaFirefox Version3.0.8
MozillaFirefox Version3.0.9
MozillaFirefox Version3.0beta5
MozillaSeamonkey Version <= 1.1.16
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Editionbeta
MozillaSeamonkey Version1.0 Editiondev
MozillaSeamonkey Version1.0 Updatealpha
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.0.99
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1 Updatealpha
MozillaSeamonkey Version1.1 Updatebeta
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.5 Update1.1.10
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
MozillaSeamonkey Version1.1.9
MozillaSeamonkey Version1.1.10
MozillaSeamonkey Version1.1.11
MozillaSeamonkey Version1.1.12
MozillaSeamonkey Version1.1.13
MozillaSeamonkey Version1.1.15
MozillaThunderbird Version <= 2.0.0.19
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.3
MozillaThunderbird Version1.0.4
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.5 Updatebeta
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.0.1
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.3
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.5
MozillaThunderbird Version1.5.0.6
MozillaThunderbird Version1.5.0.7
MozillaThunderbird Version1.5.0.8
MozillaThunderbird Version1.5.0.9
MozillaThunderbird Version1.5.0.10
MozillaThunderbird Version1.5.0.11
MozillaThunderbird Version1.5.0.12
MozillaThunderbird Version1.5.0.13
MozillaThunderbird Version1.5.0.14
MozillaThunderbird Version1.5.1
MozillaThunderbird Version1.5.2
MozillaThunderbird Version1.7.1
MozillaThunderbird Version1.7.3
MozillaThunderbird Version2.0.0.0
MozillaThunderbird Version2.0.0.1
MozillaThunderbird Version2.0.0.2
MozillaThunderbird Version2.0.0.3
MozillaThunderbird Version2.0.0.4
MozillaThunderbird Version2.0.0.5
MozillaThunderbird Version2.0.0.6
MozillaThunderbird Version2.0.0.7
MozillaThunderbird Version2.0.0.8
MozillaThunderbird Version2.0.0.9
MozillaThunderbird Version2.0.0.11
MozillaThunderbird Version2.0.0.12
MozillaThunderbird Version2.0.0.13
MozillaThunderbird Version2.0.0.14
MozillaThunderbird Version2.0.0.15
MozillaThunderbird Version2.0.0.16
MozillaThunderbird Version2.0.0.17
MozillaThunderbird Version2.0.0.18
MozillaThunderbird Version2.0_.4
MozillaThunderbird Version2.0_.5
MozillaThunderbird Version2.0_.6
MozillaThunderbird Version2.0_.9
MozillaThunderbird Version2.0_.12
MozillaThunderbird Version2.0_.13
MozillaThunderbird Version2.0_.14
MozillaThunderbird Version2.0_8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.8% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.debian.org/security/2009/dsa-1830
http://secunia.com/advisories/35602
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://secunia.com/advisories/35536
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.ubuntu.com/usn/usn-782-1
http://secunia.com/advisories/35561
http://secunia.com/advisories/35882
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
http://rhn.redhat.com/errata/RHSA-2009-1096.html
http://secunia.com/advisories/35331
Vendor Advisory
http://secunia.com/advisories/35415
http://secunia.com/advisories/35428
Vendor Advisory
http://secunia.com/advisories/35431
Vendor Advisory
http://secunia.com/advisories/35439
Vendor Advisory
http://secunia.com/advisories/35440
Vendor Advisory
http://secunia.com/advisories/35468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://www.debian.org/security/2009/dsa-1820
http://www.securityfocus.com/bid/35326
Patch
http://www.securitytracker.com/id?1022397
http://www.vupen.com/english/advisories/2009/1572
Patch
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1095.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://osvdb.org/55157
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
Vendor Advisory
http://www.securityfocus.com/bid/35383
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
https://bugzilla.redhat.com/show_bug.cgi?id=503580
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080