Secunia Research has discovered a vulnerability in Firefox, which can
be exploited by malicious people to potentially compromise a user's
system.
The vulnerability is caused due to a race condition when accessing the
private data of an NPObject JS wrapper class object if navigating away
from a web page while loading a Java applet. This can be exploited via
a specially crafted web page to use already freed memory.
Successful exploitation may allow execution of arbitrary code.
attackers to execute arbitrary commands.
Background
==========
PEAR Net_Traceroute is an OS independent wrapper class for executing
traceroute calls from PHP.
Affected packages
=================
CVE-2009-1835: Firefox Arbitrary domain cookie access by local file:
resources
CVE-2009-1836: Firefox SSL tampering via non-200 responses to proxy
CONNECT requests
CVE-2009-1837: Firefox Race condition while accessing the private
data of a NPObject JS wrapper class object
CVE-2009-1838: Firefox arbitrary code execution flaw
CVE-2009-1839: Firefox information disclosure flaw
CVE-2009-1840: Firefox XUL scripts skip some security checks
CVE-2009-1841: Firefox JavaScript arbitrary code execution
CVE-2009-2043: firefox - remote TinyMCE denial of service
