Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-1837

Опубликовано: 12 июн. 2009
Источник: nvd
CVSS3: 7.5
CVSS2: 9.3
EPSS Низкий

Описание

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Версия от 3.0 (включая) до 3.0.11 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.02184
Низкий

7.5 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2009-1837

CVSS3: 7.5
ubuntu
около 16 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

redhat логотип

CVE-2009-1837

redhat
около 16 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

debian логотип

CVE-2009-1837

CVSS3: 7.5
debian
около 16 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plug ...

github логотип

GHSA-jcp3-xfrr-gf86

CVSS3: 7.5
github
около 3 лет назад

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

oracle-oval логотип

ELSA-2009-1095

oracle-oval
около 16 лет назад

ELSA-2009-1095: firefox security update (CRITICAL)

EPSS

Процентиль: 84%
0.02184
Низкий

7.5 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-362