CVE-2009-1838: The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner…

CVE-2009-1303 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Thunderbird vulnerabilities Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1303, CVE-2009-1305, CVE-2009-1392, CVE-2009-1833, CVE-2009-1838) Several flaws were discovered in the way Thunderbird processed malformed URI schemes. If a user were tricked into viewing a malicious website and had JavaScript and plugins enabled, a remote attacker could execute arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309) Cefn Hoile discovered Thunderbird did not adequa

CVE-2009-1841 [CRITICAL] Firefox and Xulrunner vulnerabilities Title: Firefox and Xulrunner vulnerabilities Summary: Firefox and Xulrunner vulnerabilities Several flaws were discovered in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838) Pavel Cvrcek discovered that Firefox would sometimes display certain invalid Unicode characters as whitespace. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-1834) Gregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox would allow access to local files from resources loaded via the

CVE-2009-1838 [CRITICAL] Firefox arbitrary code execution flaw Firefox arbitrary code execution flaw The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

CVE-2009-1838 [HIGH] CWE-94 GHSA-p6f8-2h8r-5246: The garbage-collection implementation in Mozilla Firefox before 3 The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.

CVE-2000-1134 [HIGH] namei: allow restricted O_CREAT of FIFOs and regular files namei: allow restricted O_CREAT of FIFOs and regular files Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder. This protection can be turned on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer. This is a brief list of old vulnerabilities that could have been prevented by this feature, some of them even allow for privilege escalation: CVE-2000-1134 CVE-2007-3852 CVE-2008-0525 CVE-2009-0416 CVE-2011-4834 CVE-2015-1838 CVE-2015-7442 CVE-2016-7489 This list is no

CVE-2009-1838 [CRITICAL] CVE-2009-1838 Firefox arbitrary code execution flaw CVE-2009-1838 Firefox arbitrary code execution flaw Mozilla security researcher moz_bug_r_a4 reported that the owner document of an element can become null after garbage collection. In such cases, event listeners may be executed within the wrong JavaScript context. An attacker could potentially use this vulnerability to have a malicious event handler execute arbitrary JavaScript with chrome privileges. Discussion: This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 Via RHSA-2009:1095 https://rhn.redhat.com/errata/RHSA-2009-1095.html --- This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Via RHSA-2009:1096 https://rhn.redhat.com/errata/RHSA-2009-1096.html --- firefox-3.0