CVE-2009-1837 — Race Condition in Mozilla Firefox

CWE-362 — Race Condition CWE-416 — Use After Free CWE-368 — Context Switching Race Condition8 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.2%

top 15.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Linux Fedoraproject Fedora +6 more

Timeline

PublishedJun 12

Latest updateMay 2

Description

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

▶NVDmozilla/firefox3.0 — 3.0.11

▶NVDredhat/enterprise_linux_server4.0, 5.0+1

▶NVDredhat/enterprise_linux_desktop4.0, 5.0+1

▶NVDredhat/enterprise_linux_workstation4.0, 5.0+1

Also affects: Debian Linux 5.0, Fedora 10, 9, Enterprise Linux 4.0, 5.0, 4.8, 5.3

🔴Vulnerability Details

GHSA

GHSA-jcp3-xfrr-gf86: Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting↗2009-03-10

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-06-12

▶

Red Hat

Firefox Race condition while accessing the private data of a NPObject JS wrapper class object↗2009-06-11

▶

📐Framework References

CWE

Use After Free↗

▶

CWE

Context Switching Race Condition↗

▶

💬Community

Bugzilla

CVE-2009-1837 Firefox Race condition while accessing the private data of a NPObject JS wrapper class object↗2009-06-01

▶