CVE-2009-1837 – Firefox Race condition while accessing the private data of a NPObject JS wrapper class object
https://notcve.org/view.php?id=CVE-2009-1837
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. Condición de carrera en la función NPObjWrapper_NewResolve en modules/plugin/base/src/nsJSNPRuntime.cpp en xul.dll en Mozilla Firefox v3 anteriores a v3.0.11 podría permitir a atacantes remotos ejecutar código arbitrario a través de una pagina de transición durante la carga de un applet de Java, relacionado con una vulnerabilidad uso-después-de-liberación para asociar memoria con un objeto Java destrozado. • http://secunia.com/advisories/34241 http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35468 http://secunia.com/secunia_research/2009-19 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 http://www.debian.org/security/2009/dsa-1820 http://www.mozilla.org/security/announce/2009/mfs • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2009-0834 – kernel: x86-64: syscall-audit: 32/64 syscall hole
https://notcve.org/view.php?id=CVE-2009-0834
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. La función audit_syscall_entry en el núcleo de Linux v2.6.28.7 y versiones anteriores en la plataforma x86_64 no maneja adecuadamente (1) un proceso de 32-bit haciendo una llamada al sistema (syscall) de 64 bit o (2) un proceso de 64-bit haciendo una llamada al sistema (syscall) de 32-bit, lo cual permite a usuarios locales evitar determinadas configuraciones de auditoría de llamadas al sistema (syscall) a través de llamadas al sistema (syscall) manipuladas, una cuestión diferente a VE-2009-0342 y CVE-2009-0343. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccbe495caa5e604b04d5a31d7459a6f6a76a756c http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://marc.info/?l=linux-kernel&m=123579056530191&w=2 http://marc.info/?l=linux-kernel&m=123579065130246&w=2 http://marc.info/?l=oss-security&m •