CVE-2009-1571high
Description
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
http://secunia.com/advisories/37242
http://secunia.com/advisories/38770
http://secunia.com/advisories/38772
http://secunia.com/advisories/38847
http://secunia.com/secunia_research/2009-45/
http://www.debian.org/security/2010/dsa-1999
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://www.mandriva.com/security/advisories?name=MDVSA-2010:051
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.redhat.com/support/errata/RHSA-2010-0113.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/archive/1/509585/100/0/threaded
http://www.ubuntu.com/usn/USN-895-1
http://www.ubuntu.com/usn/USN-896-1
http://www.vupen.com/english/advisories/2010/0405
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=526500
https://exchange.xforce.ibmcloud.com/vulnerabilities/56361
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615