| Name | Mozilla.Firefox.SVG.Element.Processing.Memory.Corruption |
| Release Date | Sep 15, 2009 |
| Severity | Critical |
| Impact | System compromise
Denial of service |
| Description | This indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted SVG element. It allows a remote attacker to execute arbitrary code. |
| Affected Products | Mozilla Firefox 3.5
Mozilla Firefox 3.0.11
Mozilla Firefox 3.0.10
Mozilla Firefox 3.0.9
Mozilla Firefox 3.0.8
Mozilla Firefox 3.0.7 Beta
Mozilla Firefox 3.0.7
Mozilla Firefox 3.0.6
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.4
Mozilla Firefox 3.0.3
Mozilla Firefox 3.0.2
Mozilla Firefox 3.0.1
Mozilla Firefox 3.0 Beta 5
Mozilla Firefox 3.0 |
| Recommended Actions | Upgrade to Mozilla Firefox 3.5.1 or 3.0.12:
http://www.mozilla.com/firefox/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2469
|
| Reference/s | http://www.securityfocus.com/bid/35758 (BugTraq)
http://www.vupen.com/english/advisories/2009/1972 (FrSIRT)
|