Your submission was sent successfully! Close

CVE-2009-1837

Published: 12 June 2009

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Not vulnerable

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2)
jaunty
Released (1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1)
karmic Does not exist

upstream Needs triage

xulrunner-1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (1.9.1+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.9.1~rc2+nobinonly-0ubuntu1)
upstream Needs triage