CVE-2009-1392
CVE-2009-1392
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/55144http://osvdb.org/55145http://osvdb.org/55146http://osvdb.org/55147http://rhn.redhat.com/errata/RHSA-2009-1096.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=380359https://bugzilla.mozilla.org/show_bug.cgi?id=429969https://bugzilla.mozilla.org/show_bug.cgi?id=431086https://bugzilla.mozilla.org/show_bug.cgi?id=432068https://bugzilla.mozilla.org/show_bug.cgi?id=451341https://bugzilla.mozilla.org/show_bug.cgi?id=472776https://bugzilla.mozilla.org/show_bug.cgi?id=486398