Lucene search

[email protected]NVD:CVE-2009-1837

HistoryJun 12, 2009 - 9:30 p.m.

CVE-2009-1837

2009-06-1221:30:00

CWE-362

CWE-416

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.033

Percentile

91.3%

JSON

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

Affected configurations

Nvd

Node

mozillafirefoxRange3.0–3.0.11

Node

debiandebian_linuxMatch5.0

Node

fedoraprojectfedoraMatch9

fedoraprojectfedoraMatch10

Node

redhatenterprise_linuxMatch4.0

redhatenterprise_linuxMatch5.0

redhatenterprise_linux_desktopMatch4.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_eusMatch4.8

redhatenterprise_linux_eusMatch5.3

redhatenterprise_linux_serverMatch4.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_server_ausMatch5.3

redhatenterprise_linux_workstationMatch4.0

redhatenterprise_linux_workstationMatch5.0

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
debiandebian_linux5.0cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
fedoraprojectfedora9cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
fedoraprojectfedora10cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
redhatenterprise_linux4.0cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
redhatenterprise_linux5.0cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop4.0cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop5.0cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus4.8cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*
redhatenterprise_linux_eus5.3cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
debian	debian_linux	5.0	cpe:2.3:o:debian:debian_linux:5.0:::::::*
fedoraproject	fedora	9	cpe:2.3:o:fedoraproject:fedora:9:::::::*
fedoraproject	fedora	10	cpe:2.3:o:fedoraproject:fedora:10:::::::*
redhat	enterprise_linux	4.0	cpe:2.3:o:redhat:enterprise_linux:4.0:::::::*
redhat	enterprise_linux	5.0	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
redhat	enterprise_linux_desktop	4.0	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
redhat	enterprise_linux_desktop	5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
redhat	enterprise_linux_eus	4.8	cpe:2.3:o:redhat:enterprise_linux_eus:4.8:::::::*
redhat	enterprise_linux_eus	5.3	cpe:2.3:o:redhat:enterprise_linux_eus:5.3:::::::*