← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

PublicDateAtUSN: 2009-06-12
Candidate: CVE-2009-1838
PublicDate: 2009-06-12
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838
 http://www.ubuntu.com/usn/usn-779-1
 http://www.ubuntu.com/usn/usn-782-1
Description:
 The garbage-collection implementation in Mozilla Firefox before 3.0.11,
 Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's
 owner document to null in unspecified circumstances, which allows remote
 attackers to execute arbitrary JavaScript with chrome privileges via a
 crafted event handler, related to an incorrect context for this event
 handler.
Ubuntu-Description:
Notes:
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The
  mapping of xulrunner sources to firefox is:
   xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
   xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
   xulrunner-1.9: firefox-3.0
   xulrunner-1.9.1: firefox-3.5
 jdstrand: Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
  the system xulrunner-1.9.2, so it is tracked in the firefox source package.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_firefox:
upstream_firefox: needs-triage
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: ignored (uses system xulrunner)
intrepid_firefox: DNE
jaunty_firefox: DNE
karmic_firefox: DNE
lucid_firefox: not-affected
maverick_firefox: not-affected
natty_firefox: not-affected
oneiric_firefox: not-affected
devel_firefox: not-affected


Patches_xulrunner:
upstream_xulrunner: needs-triage
dapper_xulrunner: DNE
hardy_xulrunner: ignored (reached end-of-life)
intrepid_xulrunner: needed (reached end-of-life)
jaunty_xulrunner: ignored (reached end-of-life)
karmic_xulrunner: ignored (reached end-of-life)
lucid_xulrunner: DNE
maverick_xulrunner: DNE
natty_xulrunner: DNE
oneiric_xulrunner: DNE
devel_xulrunner: DNE

Patches_xulrunner-1.9:
upstream_xulrunner-1.9: needs-triage
dapper_xulrunner-1.9: DNE
hardy_xulrunner-1.9: released (1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1)
intrepid_xulrunner-1.9: released (1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2)
jaunty_xulrunner-1.9: released (1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1)
karmic_xulrunner-1.9: DNE
lucid_xulrunner-1.9: DNE
maverick_xulrunner-1.9: DNE
natty_xulrunner-1.9: DNE
oneiric_xulrunner-1.9: DNE
devel_xulrunner-1.9: DNE

Patches_xulrunner-1.9.1:
upstream_xulrunner-1.9.1: needs-triage
dapper_xulrunner-1.9.1: DNE
hardy_xulrunner-1.9.1: DNE
intrepid_xulrunner-1.9.1: DNE
jaunty_xulrunner-1.9.1: released (1.9.1+nobinonly-0ubuntu0.9.04.1)
karmic_xulrunner-1.9.1: released (1.9.1~rc2+nobinonly-0ubuntu1)
lucid_xulrunner-1.9.1: DNE
maverick_xulrunner-1.9.1: DNE
natty_xulrunner-1.9.1: DNE
oneiric_xulrunner-1.9.1: DNE
devel_xulrunner-1.9.1: DNE


Patches_seamonkey:
upstream_seamonkey: needs-triage
dapper_seamonkey: DNE
hardy_seamonkey: released (1.1.17+nobinonly-0ubuntu0.8.04.1)
intrepid_seamonkey: released (1.1.17+nobinonly-0ubuntu0.8.10.1)
jaunty_seamonkey: released (1.1.17+nobinonly-0ubuntu0.9.04.1)
karmic_seamonkey: released (1.1.17+nobinonly-0ubuntu1)
lucid_seamonkey: released (1.1.17+nobinonly-0ubuntu1)
maverick_seamonkey: released (1.1.17+nobinonly-0ubuntu1)
natty_seamonkey: released (1.1.17+nobinonly-0ubuntu1)
oneiric_seamonkey: released (1.1.17+nobinonly-0ubuntu1)
devel_seamonkey: released (1.1.17+nobinonly-0ubuntu1)


Patches_thunderbird:
upstream_thunderbird: needs-triage
dapper_thunderbird: DNE
hardy_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1)
intrepid_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1)
jaunty_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1)
karmic_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu1.nspr474)
lucid_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu1.nspr474)
maverick_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu1.nspr474)
natty_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu1.nspr474)
oneiric_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu1.nspr474)
devel_thunderbird: released (2.0.0.22+build1+nobinonly-0ubuntu1.nspr474)

Patches_mozilla-thunderbird:
upstream_mozilla-thunderbird: needs-triage
dapper_mozilla-thunderbird: ignored (reached end-of-life)
hardy_mozilla-thunderbird: DNE
intrepid_mozilla-thunderbird: DNE
jaunty_mozilla-thunderbird: DNE
karmic_mozilla-thunderbird: DNE
lucid_mozilla-thunderbird: DNE
maverick_mozilla-thunderbird: DNE
natty_mozilla-thunderbird: DNE
oneiric_mozilla-thunderbird: DNE
devel_mozilla-thunderbird: DNE