CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.971 High
EPSS Percentile: 99.8%
Added: 07/13/2009
CVE: CVE-2009-2477
BID: 35660
OSVDB: 55846
Mozilla is a suite of Internet client products available for multiple platforms.
A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page.
Upgrade to Firefox 3.5.1 or higher.
<http://www.mozilla.org/security/announce/2009/mfsa2009-41.html>
The target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. The exploit works on Firefox 3.5. For exploitation to succeed, a user must load the exploit in a vulnerable browser.
After a user loads the exploit page, there may be a delay before the exploit succeeds.
Windows XP
Linux
Mac OS X