Mozilla.Firefox.Tracemonkey.Component

NameMozilla.Firefox.Tracemonkey.Component.Code.Execution
Last Updated DateSep 11, 2009
Release DateAug 13, 2009
SeverityCritical
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems.
DescriptionThis indicates an attempt to exploit a memory-corruption vulnerability in Mozilla Firefox.

The vulnerability is caused by an error when the 'Tracemonkey' component handles a mailicous web page using the Escape method. A remote attacker may exploit this to execute arbitrary code.
Affected ProductsMozilla Firefox 3.5
Recommended ActionsCurrently we are not aware of any official patches supplied by the vendor for this issue.
Common Vulnerabilities and Exposures (CVE)http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2477
Reference/shttp://www.securityfocus.com/bid/35660 (BugTraq)
http://www.vupen.com/english/advisories/2009/1868 (FrSIRT)
http://www.milw0rm.com/exploits/9137
http://www.milw0rm.com/exploits/9181
http://www.milw0rm.com/exploits/9214
http://www.milw0rm.com/exploits/9247
Reference: VID-17586