Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

Related bugs and status

CVE-2009-1838 (Candidate) is related to these bugs:

Bug #356274: [MASTER] Please update seamonkey to version 2.0*

Summary				In	Importance	Status
	356274	[MASTER] Please update seamonkey to version 2.0*		seamonkey (Ubuntu)	High	Fix Released
	356274	[MASTER] Please update seamonkey to version 2.0*		seamonkey (Ubuntu Jaunty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securitytra...
MISC: http://sunsolve.sun.co...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://osvdb.org/55157
MISC: http://www.vupen.com/e...
MISC: http://www.debian.org/...
MISC: http://www.debian.org/...
MISC: https://www.redhat.com...
MISC: https://www.redhat.com...
MISC: https://www.redhat.com...
MISC: https://www.redhat.com...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: https://rhn.redhat.com...
MISC: http://rhn.redhat.com/...
MISC: http://www.redhat.com/...
MISC: http://www.redhat.com/...
MISC: http://slackware.com/s...
MISC: http://slackware.com/s...
MISC: http://www.slackware.c...
MISC: http://www.ubuntu.com/...
MISC: http://www.mozilla.org...
MISC: https://bugzilla.mozil...
MISC: https://oval.cisecurit...