CVE-2009-0775

HIGH

Description

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

http://secunia.com/advisories/34137

http://secunia.com/advisories/34140

http://secunia.com/advisories/34145

http://secunia.com/advisories/34272

http://secunia.com/advisories/34324

http://secunia.com/advisories/34383

http://secunia.com/advisories/34417

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://www.debian.org/security/2009/dsa-1751

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.mozilla.org/security/announce/2009/mfsa2009-08.html

http://www.redhat.com/support/errata/RHSA-2009-0258.html

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.redhat.com/support/errata/RHSA-2009-0325.html

http://www.securityfocus.com/bid/33990

http://www.securitytracker.com/id?1021796

http://www.vupen.com/english/advisories/2009/0632

https://bugzilla.mozilla.org/show_bug.cgi?id=474456

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html

Details

Source: MITRE

Published: 2009-03-05

Updated: 2017-09-29

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH