Upstream information
Description
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entry: 505563, 515951 SUSE Security Advisories:- SUSE-SA:2009:034, published Tue, 16 Jun 2009 13:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86 |
| core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519 |
| Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 |
| core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519 |
| openSUSE 10.3 |
| |
| SLE 11 DESKTOP Unsupported Extras |
| SAT Patch Nr: 1090 |
| openSUSE 10.3 |
|