CVE-2009-1531
published 2009-06-10CVE-2009-1531: Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote…
PriorityP357critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
35.07%
98.2th percentile
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
bugzilla·2009-10-21·CVSS 7.1
CVE-2009-3385 [HIGH] CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
CVE-2009-3385 SeaMonkey scriptable plugin execution in mail (mfsa2010-06)
Mozilla security researcher Georgi Guninski reported that scriptable plugin
content, such as Flash objects, could be loaded and executed in SeaMonkey
mail messages by embedding the content in an iframe inside the message. If
a user were to reply to or forward such a message, malicious JavaScript
embedded in the plugin content could potentially steal the contents of the
message or files from the local filesystem.
Discussion:
Public now via:
http://www.mozilla.org/security/announce/2010/mfsa2010-06.html
---
This issue was corrected in Red Hat Enterprise Linux 3 and 4 via:
https://rhn.redhat.com/errata/RHSA-2009-1531.html
as referenced in the seamonkey.spec:
# fixed in 1.9.0.15
...
Patch378: mozilla-371976-x.pat
Bugzilla
CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
bugzilla·2009-10-21·CVSS 4.3
CVE-2009-3375 [MEDIUM] CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
CVE-2009-3375 Firefox cross-origin data theft through document.getSelection()
Security researcher Gregory Fleischer reported that text within a selection
on a web page can be read by JavaScript in a different domain using the
document.getSelection function, violating the same-origin policy.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Via RHSA-2009:1531 https://rhn.redhat.com/errata/RHSA-2009-1531.html
---
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc
http://osvdb.org/54950http://www.securityfocus.com/archive/1/504216/100/0/threadedhttp://www.securityfocus.com/bid/35234http://www.securitytracker.com/id?1022350http://www.us-cert.gov/cas/techalerts/TA09-160A.htmlhttp://www.vupen.com/english/advisories/2009/1538http://www.zerodayinitiative.com/advisories/ZDI-09-039https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308http://osvdb.org/54950http://www.securityfocus.com/archive/1/504216/100/0/threadedhttp://www.securityfocus.com/bid/35234http://www.securitytracker.com/id?1022350http://www.us-cert.gov/cas/techalerts/TA09-160A.htmlhttp://www.vupen.com/english/advisories/2009/1538http://www.zerodayinitiative.com/advisories/ZDI-09-039https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308
2009-06-10
Published