Vulnerability Description
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 3.5 |
Related Weaknesses (CWE)
References
- http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in
- http://isc.sans.org/diary.html?storyid=6796
- http://secunia.com/advisories/35798Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
- http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_fi
- http://www.exploit-db.com/exploits/9137
- http://www.exploit-db.com/exploits/9181
- http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/1
- http://www.kb.cert.org/vuls/id/443060US Government Resource
- http://www.mozilla.org/security/announce/2009/mfsa2009-41.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/35660Exploit
- http://www.vupen.com/english/advisories/2009/1868PatchVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=503286
- https://www.exploit-db.com/exploits/40936/
- https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html
FAQ
What is CVE-2009-2477?
CVE-2009-2477 is a vulnerability with a CVSS score of 9.3 (HIGH). js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape ...
How severe is CVE-2009-2477?
CVE-2009-2477 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2477?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.