CVE-2009-0775

Critical

Description

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

https://bugzilla.mozilla.org/show_bug.cgi?id=474456

http://secunia.com/advisories/34137

http://secunia.com/advisories/34140

http://secunia.com/advisories/34145

http://secunia.com/advisories/34272

http://secunia.com/advisories/34324

http://secunia.com/advisories/34383

http://secunia.com/advisories/34417

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html

http://www.debian.org/security/2009/dsa-1751

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.mozilla.org/security/announce/2009/mfsa2009-08.html

http://www.redhat.com/support/errata/RHSA-2009-0258.html

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.redhat.com/support/errata/RHSA-2009-0325.html

http://www.securitytracker.com/id?1021796

http://www.vupen.com/english/advisories/2009/0632

Details

Source: Mitre, NVD

Published: 2009-03-05

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical