Home > Vulnerability Database > CVE-2009-2477

Mend.io Vulnerability Database

CVE-2009-2477

Date: July 15, 2009

js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.

Severity Score

5.6

Related Resources (18)

Url: http://www.kb.cert.org/vuls/id/443060

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1

Url: http://secunia.com/advisories/35798

Url: http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html

Url: http://isc.sans.org/diary.html?storyid=6796

Url: http://www.securityfocus.com/bid/35660

Url: http://www.exploit-db.com/exploits/9181

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-2477

Url: http://www.mozilla.org/security/announce/2009/mfsa2009-41.html

Url: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2477

Url: https://www.exploit-db.com/exploits/40936/

Url: http://www.exploit-db.com/exploits/9137

Url: http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=503286

Url: http://www.vupen.com/english/advisories/2009/1868

Url: http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761

Url: https://www.mend.io/vulnerability-database/CVE-2009-2477

Severity Score

5.6

Weakness Type (CWE)

Code Injection

CWE-94

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-2477

Date: July 15, 2009

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?