CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
88.1%
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element’s owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | firefox | 0.1 | cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:* |
mozilla | firefox | 0.2 | cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:* |
mozilla | firefox | 0.3 | cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:* |
mozilla | firefox | 0.4 | cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:* |
mozilla | firefox | 0.5 | cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:* |
mozilla | firefox | 0.6 | cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:* |
mozilla | firefox | 0.6.1 | cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:* |
mozilla | firefox | 0.7 | cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:* |
mozilla | firefox | 0.7.1 | cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:* |
osvdb.org/55157
rhn.redhat.com/errata/RHSA-2009-1096.html
secunia.com/advisories/35331
secunia.com/advisories/35415
secunia.com/advisories/35428
secunia.com/advisories/35431
secunia.com/advisories/35439
secunia.com/advisories/35440
secunia.com/advisories/35468
secunia.com/advisories/35536
secunia.com/advisories/35561
secunia.com/advisories/35602
secunia.com/advisories/35882
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
www.debian.org/security/2009/dsa-1820
www.debian.org/security/2009/dsa-1830
www.mandriva.com/security/advisories?name=MDVSA-2009:141
www.mozilla.org/security/announce/2009/mfsa2009-29.html
www.redhat.com/support/errata/RHSA-2009-1125.html
www.redhat.com/support/errata/RHSA-2009-1126.html
www.securityfocus.com/bid/35326
www.securityfocus.com/bid/35383
www.securitytracker.com/id?1022397
www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
www.ubuntu.com/usn/usn-782-1
www.vupen.com/english/advisories/2009/1572
bugzilla.mozilla.org/show_bug.cgi?id=489131
bugzilla.redhat.com/show_bug.cgi?id=503580
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080
rhn.redhat.com/errata/RHSA-2009-1095.html
www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html