Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-2477
HistoryJul 15, 2009 - 12:00 a.m.

CVE-2009-2477

2009-07-1500:00:00
ubuntu.com
ubuntu.com
8

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka
TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to
execute arbitrary code via certain use of the escape function that triggers
access to uninitialized memory locations, as originally demonstrated by a
document containing P and FONT elements.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu9.04noarchfirefox-3.5< 3.5.1+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.04noarchxulrunner-1.9.1< 1.9.1.1+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%