CVE-2009-1302
CVE-2009-1302
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=428113https://bugzilla.mozilla.org/show_bug.cgi?id=431260https://bugzilla.mozilla.org/show_bug.cgi?id=432114https://bugzilla.mozilla.org/show_bug.cgi?id=454276https://bugzilla.mozilla.org/show_bug.cgi?id=461053https://bugzilla.mozilla.org/show_bug.cgi?id=462517https://bugzilla.mozilla.org/show_bug.cgi?id=467881https://bugzilla.mozilla.org/show_bug.cgi?id=477775https://bugzilla.mozilla.org/show_bug.cgi?id=483444http://secunia.com/advisories/34758http://secunia.com/advisories/34780