Bug 488287 (CVE-2009-0775)

Summary: CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: kseifried, mjc, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=critical,source=mozilla,reported=20090216,public=20090304,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-25 15:46:45 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Josh Bressers 2009-03-03 11:40:16 EST
An anonymous researcher, via TippingPoint's Zero Day Initiative program,
reported a vulnerability in Mozilla's garbage collection process. The
vulnerability was caused by improper memory management of a set of cloned
XUL DOM elements which were linked as a parent and child. After reloading
the browser on a page with such linked elements, the browser would crash
when attempting to access an object which was already destroyed. An
attacker could use this crash to run arbitrary code on the victim's
computer.
Comment 1 Tomas Hoger 2009-03-05 03:08:40 EST
Public now via:
  http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
Comment 2 Fedora Update System 2009-03-08 15:34:24 EDT
firefox-3.0.7-1.fc9, xulrunner-1.9.0.7-1.fc9, epiphany-2.22.2-8.fc9, epiphany-extensions-2.22.1-8.fc9, blam-1.8.5-6.fc9.1, chmsee-1.0.1-9.fc9, devhelp-0.19.1-9.fc9, galeon-2.0.7-7.fc9, gnome-python2-extras-2.19.1-24.fc9, gnome-web-photo-0.3-18.fc9, google-gadgets-0.10.5-3.fc9, gtkmozembedmm-1.4.2.cvs20060817-26.fc9, kazehakase-0.5.6-1.fc9.4, Miro-1.2.7-5.fc9, mozvoikko-0.9.5-7.fc9, mugshot-1.2.2-6.fc9, ruby-gnome2-0.17.0-6.fc9, totem-2.23.2-12.fc9, yelp-2.22.1-9.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2009-03-08 15:35:45 EDT
firefox-3.0.7-1.fc10, xulrunner-1.9.0.7-1.fc10, epiphany-2.24.3-3.fc10, epiphany-extensions-2.24.0-5.fc10, blam-1.8.5-7.fc10, devhelp-0.22-5.fc10, evolution-rss-0.1.2-5.fc10, galeon-2.0.7-7.fc10, gecko-sharp2-0.13-5.fc10, gnome-python2-extras-2.19.1-27.fc10, gnome-web-photo-0.3-15.fc10, google-gadgets-0.10.5-3.fc10, kazehakase-0.5.6-1.fc10.4, Miro-2.0-4.fc10, mozvoikko-0.9.5-7.fc10, mugshot-1.2.2-6.fc10, pcmanx-gtk2-0.3.8-6.fc10, ruby-gnome2-0.18.1-4.fc10, yelp-2.24.0-6.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2009-03-20 21:26:41 EDT
thunderbird-2.0.0.21-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2009-03-20 21:27:44 EDT
thunderbird-2.0.0.21-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 errata-xmlrpc 2009-03-24 08:02:56 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0258 https://rhn.redhat.com/errata/RHSA-2009-0258.html
Comment 8 Kurt Seifried 2011-10-25 15:46:45 EDT
This issue has been addressed in the following RHSAs:

Red Hat Enterprise Linux version 4, Desktop version 5 and Optional Productivity Applications version 5 (thunderbird) RHSA-2009:0258 
Red Hat Enterprise Linux version 4 and 5 (firefox) RHSA-2009:0315
Red Hat Enterprise Linux version 2.1, 3 and 4 (seamonkey) RHSA-2009:0325