CVE-2009-1837

CVSS v3.1 7.5 (High)
CVSS v2.0 9.3 (High)
EPSS 3.27 % (91st)
Affected Products 9
Advisories 6

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

Weaknesses
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2009-06-12 21:30:00 (15 years ago)
Updated Date: 2024-02-02 16:03:54 (7 months ago)

Affected Products

Configuration #1

    CPE23 From Up To
  Mozilla Firefox from 3.0 version and prior 3.0.11 version cpe:2.3:a:mozilla:firefox >= 3.0 < 3.0.11

Configuration #2

    CPE23 From Up To
  Debian Linux 5.0 cpe:2.3:o:debian:debian_linux:5.0

Configuration #3

    CPE23 From Up To
  Fedoraproject Fedora 9 cpe:2.3:o:fedoraproject:fedora:9
  Fedoraproject Fedora 10 cpe:2.3:o:fedoraproject:fedora:10

Configuration #4

    CPE23 From Up To
  Redhat Enterprise Linux 4.0 cpe:2.3:o:redhat:enterprise_linux:4.0
  Redhat Enterprise Linux 5.0 cpe:2.3:o:redhat:enterprise_linux:5.0
  Redhat Enterprise Linux Desktop 4.0 cpe:2.3:o:redhat:enterprise_linux_desktop:4.0
  Redhat Enterprise Linux Desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  Redhat Enterprise Linux Eus 4.8 cpe:2.3:o:redhat:enterprise_linux_eus:4.8
  Redhat Enterprise Linux Eus 5.3 cpe:2.3:o:redhat:enterprise_linux_eus:5.3
  Redhat Enterprise Linux Server 4.0 cpe:2.3:o:redhat:enterprise_linux_server:4.0
  Redhat Enterprise Linux Server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0
  Redhat Enterprise Linux Server Aus 5.3 cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3
  Redhat Enterprise Linux Workstation 4.0 cpe:2.3:o:redhat:enterprise_linux_workstation:4.0
  Redhat Enterprise Linux Workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0