Upstream information
Description
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entry: 505563, 515951 SUSE Security Advisories:- SUSE-SA:2009:034, published Tue, 16 Jun 2009 13:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86 |
| core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519 |
| Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 |
| core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519 |
| openSUSE 10.3 |
| |
| SLE 11 DESKTOP Unsupported Extras |
| SAT Patch Nr: 1090 |
| openSUSE 10.3 |
|