ID CVE-2009-1044
Summary Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
References
Vulnerable Configurations
  • Mozilla Firefox 3.0.7
    cpe:2.3:a:mozilla:firefox:3.0.7
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
CVSS
Base: 9.3 (as of 23-03-2009 - 11:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_308.NASL
    description The installed version of Firefox is earlier than 3.0.8. Such versions are potentially affected by the following security issues : - An XSL transformation vulnerability can be leveraged with a specially crafted stylesheet to crash the browser or to execute arbitrary code. (MFSA 2009-12) - An error in the XUL tree method '_moveToEdgeShift()' can be leveraged to trigger garbage collection routines on objects that are still in use, leading to a browser crash and possibly execution of arbitrary code. (MFSA 2009-13)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 36045
    published 2009-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36045
    title Firefox < 3.0.8 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-3100.NASL
    description A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 37824
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37824
    title Fedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0398.NASL
    description Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36039
    published 2009-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36039
    title CentOS 3 : seamonkey (CESA-2009:0398)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-084.NASL
    description Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 (CVE-2009-1044, CVE-2009-1169). This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been rebuilt and are being provided as updates.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 37253
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37253
    title Mandriva Linux Security Advisory : firefox (MDVSA-2009:084)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-745-1.NASL
    description It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044) A flaw was discovered in the way Firefox performed XSLT transformations. If a user were tricked into opening a crafted XSL stylesheet, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 38148
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38148
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-745-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-3161.NASL
    description http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 37911
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37911
    title Fedora 10 : seamonkey-1.1.15-3.fc10 (2009-3161)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-3101.NASL
    description http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 36054
    published 2009-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36054
    title Fedora 9 : seamonkey-1.1.15-3.fc9 (2009-3101)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-3099.NASL
    description Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 36041
    published 2009-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36041
    title Fedora 9 : Miro-2.0.3-2.fc9 / blam-1.8.5-7.fc9.1 / chmsee-1.0.1-10.fc9 / devhelp-0.19.1-10.fc9 / etc (2009-3099)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0397.NASL
    description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 36043
    published 2009-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36043
    title RHEL 4 / 5 : firefox (RHSA-2009:0397)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0398.NASL
    description Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 36044
    published 2009-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36044
    title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0398)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-090407.NASL
    description The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : - Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. This vulnerability was used by the reporter to win the 2009 CanSecWest Pwn2Own contest. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey. (MFSA 2009-13 / CVE-2009-1044) - Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability. (MFSA 2009-12 / CVE-2009-1169)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 41353
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41353
    title SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 747)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0397.NASL
    description From Red Hat Security Advisory 2009:0397 : Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67833
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67833
    title Oracle Linux 4 / 5 : firefox (ELSA-2009-0397)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-090407.NASL
    description The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. This vulnerability was used by the reporter to win the 2009 CanSecWest Pwn2Own contest. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey. MFSA 2009-12 / CVE-2009-1169:Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40171
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40171
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0398.NASL
    description From Red Hat Security Advisory 2009:0398 : Updated SeaMonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1169) A flaw was discovered in the way SeaMonkey handles certain XUL garbage collection events. A remote attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-1044) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67834
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67834
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0398)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0397.NASL
    description Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) For technical details regarding these flaws, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this errata. Firefox users should upgrade to these updated packages, which resolve these issues. For Red Hat Enterprise Linux 4, they contain backported patches to the firefox package. For Red Hat Enterprise Linux 5, they contain backported patches to the xulrunner packages. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43737
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43737
    title CentOS 4 / 5 : firefox (CESA-2009:0397)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-090407.NASL
    description The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes several security issues : MFSA 2009-13 / CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. This vulnerability was used by the reporter to win the 2009 CanSecWest Pwn2Own contest. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey. MFSA 2009-12 / CVE-2009-1169:Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 39888
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39888
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-745)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1756.NASL
    description Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1169 Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. - CVE-2009-1044 Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. Note that after installing these updates, you will need to restart any packages using xulrunner, typically iceweasel or epiphany. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 36066
    published 2009-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36066
    title Debian DSA-1756-1 : xulrunner - multiple vulnerabilities
oval via4
accepted 2013-04-29T04:13:33.381-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
family unix
id oval:org.mitre.oval:def:11368
status accepted
submitted 2010-07-09T03:56:16-04:00
title Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2009:0397
  • rhsa
    id RHSA-2009:0398
rpms
  • firefox-0:3.0.7-3.el4
  • xulrunner-0:1.9.0.7-3.el5
  • xulrunner-devel-0:1.9.0.7-3.el5
  • xulrunner-devel-unstable-0:1.9.0.7-3.el5
  • seamonkey-0:1.0.9-0.36.el3
  • seamonkey-chat-0:1.0.9-0.36.el3
  • seamonkey-devel-0:1.0.9-0.36.el3
  • seamonkey-dom-inspector-0:1.0.9-0.36.el3
  • seamonkey-js-debugger-0:1.0.9-0.36.el3
  • seamonkey-mail-0:1.0.9-0.36.el3
  • seamonkey-nspr-0:1.0.9-0.36.el3
  • seamonkey-nspr-devel-0:1.0.9-0.36.el3
  • seamonkey-nss-0:1.0.9-0.36.el3
  • seamonkey-nss-devel-0:1.0.9-0.36.el3
  • seamonkey-0:1.0.9-40.el4
  • seamonkey-chat-0:1.0.9-40.el4
  • seamonkey-devel-0:1.0.9-40.el4
  • seamonkey-dom-inspector-0:1.0.9-40.el4
  • seamonkey-js-debugger-0:1.0.9-40.el4
  • seamonkey-mail-0:1.0.9-40.el4
refmap via4
bid 34181
bugtraq 20090330 ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability
confirm
debian DSA-1756
fedora
  • FEDORA-2009-3099
  • FEDORA-2009-3100
  • FEDORA-2009-3101
mandriva MDVSA-2009:084
misc
osvdb 52896
sectrack 1021878
secunia
  • 34471
  • 34505
  • 34510
  • 34511
  • 34521
  • 34527
  • 34549
  • 34550
  • 34792
suse SUSE-SA:2009:022
ubuntu USN-745-1
vupen ADV-2009-0864
Last major update 21-08-2010 - 00:00
Published 23-03-2009 - 10:19
Last modified 10-10-2018 - 15:32
Back to Top