CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
96.2%
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via “cloned XUL DOM elements which were linked as a parent and child,” which are not properly handled during garbage collection.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | firefox | 1.0 | cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.1 | cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.2 | cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.3 | cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.4 | cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.5 | cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.6 | cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.7 | cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.8 | cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
secunia.com/advisories/34137
secunia.com/advisories/34140
secunia.com/advisories/34145
secunia.com/advisories/34272
secunia.com/advisories/34324
secunia.com/advisories/34383
secunia.com/advisories/34417
support.avaya.com/elmodocs2/security/ASA-2009-069.htm
support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
www.debian.org/security/2009/dsa-1751
www.mandriva.com/security/advisories?name=MDVSA-2009:075
www.mozilla.org/security/announce/2009/mfsa2009-08.html
www.redhat.com/support/errata/RHSA-2009-0258.html
www.redhat.com/support/errata/RHSA-2009-0315.html
www.redhat.com/support/errata/RHSA-2009-0325.html
www.securityfocus.com/bid/33990
www.securitytracker.com/id?1021796
www.vupen.com/english/advisories/2009/0632
bugzilla.mozilla.org/show_bug.cgi?id=474456
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681
www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html