CVE-2009-1838

Priority
Description
The garbage-collection implementation in Mozilla Firefox before 3.0.11,
Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's
owner document to null in unspecified circumstances, which allows remote
attackers to execute arbitrary JavaScript with chrome privileges via a
crafted event handler, related to an incorrect context for this event
handler.
Notes
jdstrandCVEs in Firefox are tracked in the xulrunner source packages. The
mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
the system xulrunner-1.9.2, so it is tracked in the firefox source package.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-10 01:28:31 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)