Vulnerability Description
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.0.10 |
| Mozilla | Seamonkey | <= 1.1.16 |
| Mozilla | Thunderbird | <= 2.0.0.19 |
Related Weaknesses (CWE)
References
- http://osvdb.org/55157
- http://rhn.redhat.com/errata/RHSA-2009-1096.html
- http://secunia.com/advisories/35331Vendor Advisory
- http://secunia.com/advisories/35415
- http://secunia.com/advisories/35428Vendor Advisory
- http://secunia.com/advisories/35431Vendor Advisory
- http://secunia.com/advisories/35439Vendor Advisory
- http://secunia.com/advisories/35440Vendor Advisory
- http://secunia.com/advisories/35468
- http://secunia.com/advisories/35536
- http://secunia.com/advisories/35561
- http://secunia.com/advisories/35602
- http://secunia.com/advisories/35882
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware
FAQ
What is CVE-2009-1838?
CVE-2009-1838 is a vulnerability with a CVSS score of 9.3 (HIGH). The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, ...
How severe is CVE-2009-1838?
CVE-2009-1838 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1838?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.