Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.
|Base Score:||9.3||Base Metrics:||AV:N/AC:M/Au:N/C:C/I:C/A:C|
|Access Vector:||Network||Attack Complexity:||Medium|
|Authentication:||None required||Confidentiality Impact:||Complete|
|Integrity Impact:||Complete||Availability Impact:||Complete|
|Oracle Enterprise Linux version 4 (firefox)||ELSA-2009-1095||2009-06-12|
|Oracle Linux version 5 (firefox)||ELSA-2009-1095||2009-06-12|
|Oracle Linux version 5 (xulrunner)||ELSA-2009-1095||2009-06-12|
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team