CVE-2009-0775
Published: 4 March 2009
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(3.0.7+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(3.0.7+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(3.0.7+nobinonly-0ubuntu1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|
|
firefox-3.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Released
(3.5+nobinonly-0ubuntu0.9.04.1)
|
|
karmic |
Released
(3.5~rc2+nobinonly-0ubuntu1)
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|
|
icedove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
upstream |
Not vulnerable
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
upstream |
Needs triage
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
upstream |
Released
(2.0.0.23)
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1.9.0.7+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.9.0.7+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(1.9.0.7+nobinonly-0ubuntu1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner-1.9.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Released
(1.9.1+nobinonly-0ubuntu0.9.04.1)
|
|
karmic |
Released
(1.9.1~rc2+nobinonly-0ubuntu1)
|
|
lucid |
Does not exist
|
|
upstream |
Needs triage
|