CVE-2009-1530
Published: 2009-06-10
Priority P354 · critical · 9.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 33.94% (98.2th percentile)
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-3380 Firefox crashes with evidence of memory corruption
bugzilla · 2009-10-23 · CVSS 10.0 · CRITICAL
Mozilla developers and community members identified and fixed several
stability bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these crashes showed evidence of memory
corruption under certain circumstances and we presume that with enough
effort at least some of these could be exploited to run arbitrary code.
Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David
Keeler, and Boris Zbarsky reported crashes in the browser engine which
affected both Firefox 3 and Firefox 3.5.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
Bugzilla
CVE-2009-3382 Firefox crashes with evidence of memory corruption
bugzilla · 2009-10-23 · CVSS 10.0 · CRITICAL
Mozilla developers and community members identified and fixed several
stability bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these crashes showed evidence of memory
corruption under certain circumstances and we presume that with enough
effort at least some of these could be exploited to run arbitrary code.
Carsten Book reported a crash in the browser engine which affected only
Firefox 3.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
blam-1.8.5-15.fc10, epiphany-2.24.3-11.fc10, epiphany-extensions-2.24.3-6.fc10, evolution-rss-0.1.4-5.fc
Bugzilla
CVE-2009-1563 firefox: (rejected CVE-2009-1563) Firefox heap buffer overflow in string to number conversion
bugzilla · 2009-10-21 · CVSS 6.8 · MEDIUM
Security researcher Alin Rad Pop of Secunia Research reported a heap-based
buffer overflow in Mozilla's string to floating point number conversion
routines. Using this vulnerability an attacker could craft some malicious
JavaScript code containing a very long string to be converted to a floating
point number which would result in improper memory allocation and the
execution of an arbitrary memory location. This vulnerability could thus be
leveraged by the attacker to run arbitrary code on a victim's computer.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA
Bugzilla
CVE-2009-3370 Firefox form history vulnerable to stealing
bugzilla · 2009-10-21 · CVSS 5.0 · MEDIUM
Security researcher Paul Stone reported that a user's form history, both
from web content as well as the smart location bar, was vulnerable to
theft. A malicious web page could synthesize events such as mouse focus and
key presses on behalf of the victim and trick the browser into auto-filling
the form fields with history entries and then reading the entries.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc11, firefox-3.5.4-1.fc11, galeon-2.0.7-17.fc11, gnome-py
Bugzilla
CVE-2009-3376 Firefox download filename spoofing with RTL override
bugzilla · 2009-10-21 · CVSS 9.3 · CRITICAL
Mozilla security researchers Jesse Ruderman and Sid Stamm reported that
when downloading a file containing a right-to-left override character (RTL)
in the filename, the name displayed in the dialog title bar conflicts with
the name of the file shown in the dialog body. An attacker could use this
vulnerability to obfuscate the name and file extension of a file to be
downloaded and opened, potentially causing a user to run an executable file
when they expected to open a non-executable file.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
This issue has been addressed in followi
Bugzilla
CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS()
bugzilla · 2009-10-21 · CVSS 7.5 · HIGH
Mozilla security researcher moz_bug_r_a4 reported that the XPCOM utility
XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before
returning them to chrome callers. This could result in chrome privileged
code calling methods on an object which had previously been created or
modified by web content, potentially executing malicious JavaScript code
with chrome privileges.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc11, firefox
Bugzilla
CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser
bugzilla · 2009-10-21 · CVSS 10.0 · CRITICAL
Security research firm iDefense reported that researcher regenrecht
discovered a heap-based buffer overflow in Mozilla's GIF image parser. This
vulnerability could potentially be used by an attacker to crash a victim's
browser and run arbitrary code on their computer.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc11, firefox-3.5.4-1.fc11, galeon-2.0.7-17.fc11, gnome-python2-extras-2.25.3-8.fc11, gnome-web-photo-0.7-7.fc11, google-gadgets-0.11.1-2.fc11
Bugzilla
CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing
bugzilla · 2009-10-21 · CVSS 9.3 · CRITICAL
Security researcher Marco C. reported a flaw in the parsing of regular
expressions used in Proxy Auto-configuration (PAC) files. In certain cases
this flaw could be used by an attacker to crash a victim's browser and run
arbitrary code on their computer.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc11, firefox-3.5.4-1.fc11, galeon-2.0.7-17.fc11, gnome-python2-extras-2.25.3-8.fc11, gnome-web-photo-0.7-7.fc11, google-gadgets-0.11.1-2.fc11, hulahop-
Bugzilla
CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
bugzilla · 2009-10-21 · CVSS 4.3 · MEDIUM
Security researcher Gregory Fleischer reported that text within a selection
on a web page can be read by JavaScript in a different domain using the
document.getSelection function, violating the same-origin policy.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Via RHSA-2009:1531 https://rhn.redhat.com/errata/RHSA-2009-1531.html
---
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc
http://osvdb.org/54949
http://www.securityfocus.com/archive/1/504209/100/0/threaded
http://www.securitytracker.com/id?1022350
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://www.vupen.com/english/advisories/2009/1538
http://www.zerodayinitiative.com/advisories/ZDI-09-038
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294