Vulnerability DatabaseCVE-2009-1837
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2009-1837
June 12, 2009
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
Related Resources (23)
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://www.debian.org/security/2009/dsa-1820
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1837
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
https://bugzilla.redhat.com/show_bug.cgi?id=503579
http://secunia.com/secunia_research/2009-19/
https://rhn.redhat.com/errata/RHSA-2009-1095.html
http://www.securityfocus.com/bid/35360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10628
http://secunia.com/advisories/34241
http://www.vupen.com/english/advisories/2009/1572
http://secunia.com/advisories/35331
http://secunia.com/advisories/35431
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
https://bugzilla.mozilla.org/show_bug.cgi?id=486269
http://www.securityfocus.com/bid/35326
http://www.securityfocus.com/archive/1/504260/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
http://secunia.com/advisories/35468
http://www.securitytracker.com/id?1022386
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
https://access.redhat.com/security/cve/CVE-2009-1837
http://secunia.com/advisories/35415
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
9.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362
Use After Free
CWE-416
EPSS
Base Score:
2.18