Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via “cloned XUL DOM elements which were linked as a parent and child,” which are not properly handled during garbage collection.
lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
secunia.com/advisories/34137
secunia.com/advisories/34140
secunia.com/advisories/34145
secunia.com/advisories/34272
secunia.com/advisories/34324
secunia.com/advisories/34383
secunia.com/advisories/34417
support.avaya.com/elmodocs2/security/ASA-2009-069.htm
support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
www.debian.org/security/2009/dsa-1751
www.mandriva.com/security/advisories?name=MDVSA-2009:075
www.mozilla.org/security/announce/2009/mfsa2009-08.html
www.redhat.com/support/errata/RHSA-2009-0258.html
www.redhat.com/support/errata/RHSA-2009-0315.html
www.redhat.com/support/errata/RHSA-2009-0325.html
www.securityfocus.com/bid/33990
www.securitytracker.com/id?1021796
www.vupen.com/english/advisories/2009/0632
bugzilla.mozilla.org/show_bug.cgi?id=474456
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681
www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html