CVE-2009-1837 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2009-1837?

CVE-2009-1837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-1837?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Debian Debian Linux, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 3.0, < 3.0.11
Debian	Debian Linux	5.0
Fedoraproject	Fedora	9
Redhat	Enterprise Linux	4.0
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux Eus	4.8
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Server Aus	5.3
Redhat	Enterprise Linux Workstation	4.0

Related Weaknesses (CWE)

CWE-362 CWE-416

References

http://secunia.com/advisories/34241Broken LinkVendor Advisory
http://secunia.com/advisories/35331Broken LinkVendor Advisory
http://secunia.com/advisories/35415Broken Link
http://secunia.com/advisories/35431Broken LinkVendor Advisory
http://secunia.com/advisories/35468Broken Link
http://secunia.com/secunia_research/2009-19/Broken LinkVendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackwareBroken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1Broken Link
http://www.debian.org/security/2009/dsa-1820Mailing ListThird Party Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-28.htmlVendor Advisory
http://www.securityfocus.com/archive/1/504260/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/35326Broken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/35360Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1022386Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2009/1572Broken LinkVendor Advisory

FAQ

What is CVE-2009-1837?

CVE-2009-1837 is a vulnerability with a CVSS score of 7.5 (HIGH). Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code...

How severe is CVE-2009-1837?

CVE-2009-1837 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1837?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Debian Debian Linux, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.