SAINT CorporationSAINT:C17E7E1CCDF4A2472D0ABE5E701B087CMozilla Firefox JIT Escape Function Memory Corruption
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Added: 07/13/2009
CVE: CVE-2009-2477
BID: 35660
OSVDB: 55846
Background
Mozilla is a suite of Internet client products available for multiple platforms.
Problem
A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page.
Resolution
Upgrade to Firefox 3.5.1 or higher.
References
<http://www.mozilla.org/security/announce/2009/mfsa2009-41.html>
Limitations
The target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. Exploit works on Firefox 3.5. In order for exploitation to succeed, a user must load the exploit in a vulnerable browser.
After a user loads the exploit page, there may be a delay before the exploit succeeds.
Platforms
Windows XP
Linux
Mac OS X
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%