| Name | CVE-2009-1838 |
| Description | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1820-1, DSA-1830-1 |
| Debian Bugs | 535124 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| icedove | source | lenny | 2.0.0.22-0lenny1 | DSA-1830-1 | ||
| icedove | source | squeeze | 2.0.0.22-0lenny1 | |||
| icedove | source | (unstable) | 2.0.0.22-1 | 535124 | ||
| xulrunner | source | etch | (unfixed) | end-of-life | ||
| xulrunner | source | lenny | 1.9.0.11-0lenny1 | DSA-1820-1 | ||
| xulrunner | source | (unstable) | 1.9.0.11-1 |
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)