This application requires Javascript for optimal performance.

Mozilla.Firefox.SVG.Element.Processing.Memory.Corruption

Release Date

Sep 15, 2009

Severity

critical

Impact

System compromise
Denial of service

Description

This indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox.

The vulnerability is caused by an error when the vulnerable software handles a specially crafted SVG element. It allows a remote attacker to execute arbitrary code.

Affected Products

Mozilla Firefox 3.5
Mozilla Firefox 3.0.11
Mozilla Firefox 3.0.10
Mozilla Firefox 3.0.9
Mozilla Firefox 3.0.8
Mozilla Firefox 3.0.7 Beta
Mozilla Firefox 3.0.7
Mozilla Firefox 3.0.6
Mozilla Firefox 3.0.5
Mozilla Firefox 3.0.4
Mozilla Firefox 3.0.3
Mozilla Firefox 3.0.2
Mozilla Firefox 3.0.1
Mozilla Firefox 3.0 Beta 5
Mozilla Firefox 3.0

Recommended Actions

Upgrade to Mozilla Firefox 3.5.1 or 3.0.12:
http://www.mozilla.com/firefox/

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-2469

Reference/s

http://www.securityfocus.com/bid/35758 (BugTraq)
http://www.frsirt.com/english/advisories/2009/1972 (FrSIRT)

Reference: VID-17691