Lucene search

K

MitreCVELIST:CVE-2009-2479

HistoryJul 16, 2009 - 3:00 p.m.

CVE-2009-2479

2009-07-1615:00:00

mitre

www.cve.org

9.1 High

AI Score

Confidence

High

0.062 Low

EPSS

Percentile

93.6%

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.

References

blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/

osvdb.org/55931

websecurity.com.ua/3338/

www.exploit-db.com/exploits/9158

www.securityfocus.com/archive/1/505092/100/0/threaded

www.securityfocus.com/bid/35707

www.securitytracker.com/id?1022580

bugzilla.mozilla.org/show_bug.cgi?id=504342

bugzilla.mozilla.org/show_bug.cgi?id=504343

exchange.xforce.ibmcloud.com/vulnerabilities/51729

www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html

9.1 High

AI Score

Confidence

High

0.062 Low

EPSS

Percentile

93.6%

Related for CVELIST:CVE-2009-2479

ubuntucve1 cve4 prion4 seebug1 nvd4 cvelist3 openvas7 debiancve1 fedora20 nessus2 gentoo1