{ "threat_severity" : "Critical", "public_date" : "2009-03-27T00:00:00Z", "bugzilla" : { "description" : "Firefox XUL garbage collection issue (cansecwest pwn2own)", "id" : "492212", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=492212" }, "cvss" : { "cvss_base_score" : "6.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status" : "verified" }, "details" : [ "Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 2.1", "release_date" : "2009-03-27T00:00:00Z", "advisory" : "RHSA-2009:0398", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1", "package" : "seamonkey-0:1.0.9-0.32.el2" }, { "product_name" : "Red Hat Enterprise Linux 3", "release_date" : "2009-03-27T00:00:00Z", "advisory" : "RHSA-2009:0398", "cpe" : "cpe:/o:redhat:enterprise_linux:3", "package" : "seamonkey-0:1.0.9-0.36.el3" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2009-03-27T00:00:00Z", "advisory" : "RHSA-2009:0397", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "firefox-0:3.0.7-3.el4" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2009-03-27T00:00:00Z", "advisory" : "RHSA-2009:0398", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "seamonkey-0:1.0.9-40.el4" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2009-03-27T00:00:00Z", "advisory" : "RHSA-2009:0397", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "xulrunner-0:1.9.0.7-3.el5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-1044\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1044" ], "name" : "CVE-2009-1044", "csaw" : false }