CVE-2009-1837

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

Published: Jun 12, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1837
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Affected Software
References

Software	From	Fixed in
mozilla / firefox	3.0	3.0.11
debian / debian_linux	5.0	5.0.x
fedoraproject / fedora	10	10.x
fedoraproject / fedora	9	9.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux	4.0	4.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux	5.0	5.0.x
redhat / enterprise_linux_desktop	4.0	4.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_server	4.0	4.0.x
redhat / enterprise_linux_workstation	4.0	4.0.x
redhat / enterprise_linux_server_aus	5.3	5.3.x
redhat / enterprise_linux_eus	5.3	5.3.x
redhat / enterprise_linux_eus	4.8	4.8.x

Vulnerability Database

289,599

CVE-2009-1837