CVE-2009-1838

NameCVE-2009-1838
DescriptionThe garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1820-1, DSA-1830-1
NVD severityhigh (attack range: remote, user-initiated)
Debian Bugs535124
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedove (PTS)squeeze (security), squeeze3.0.11-1+squeeze15fixed
wheezy31.3.0-1~deb7u1fixed
wheezy (security)31.6.0-1~deb7u1fixed
jessie, sid31.6.0-1fixed
xulrunner (PTS)wheezy, wheezy (security)24.8.1esr-2~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icedovesource(unstable)2.0.0.22-1high535124
icedovesourcelenny2.0.0.22-0lenny1highDSA-1830-1
icedovesourcesqueeze2.0.0.22-0lenny1high
xulrunnersource(unstable)1.9.0.11-1high
xulrunnersourceetch(unfixed)end-of-life
xulrunnersourcelenny1.9.0.11-0lenny1highDSA-1820-1

Notes

[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)

Search for package or bug name: Reporting problems