CVE-2009-2477

NONECVSS 0.0

0.0

js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.

🔗 References (30)

cve@mitrehttp://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
cve@mitrehttp://isc.sans.org/diary.html?storyid=6796
cve@mitrehttp://secunia.com/advisories/35798
cve@mitrehttp://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
cve@mitrehttp://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html
cve@mitrehttp://www.exploit-db.com/exploits/9137
cve@mitrehttp://www.exploit-db.com/exploits/9181
cve@mitrehttp://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761
cve@mitrehttp://www.kb.cert.org/vuls/id/443060
cve@mitrehttp://www.mozilla.org/security/announce/2009/mfsa2009-41.html
cve@mitrehttp://www.securityfocus.com/bid/35660
cve@mitrehttp://www.vupen.com/english/advisories/2009/1868
cve@mitrehttps://bugzilla.mozilla.org/show_bug.cgi?id=503286
cve@mitrehttps://www.exploit-db.com/exploits/40936/
cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html

Is Your Infrastructure Affected by CVE-2009-2477?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-2477

📅 Published

🔄 Last Modified

🔗 References (30)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-2477?