Added: 07/13/2009
CVE: CVE-2009-2477
BID: 35660
OSVDB: 55846
Mozilla is a suite of Internet client products available for multiple platforms.
A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page.
Upgrade to Firefox 3.5.1 or higher.
<http://www.mozilla.org/security/announce/2009/mfsa2009-41.html>
The target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. Exploit works on Firefox 3.5. In order for exploitation to succeed, a user must load the exploit in a vulnerable browser.
After a user loads the exploit page, there may be a delay before the exploit succeeds.
Windows XP
Linux
Mac OS X