Release DateAug 13, 2009 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a memory-corruption vulnerability in Mozilla Firefox.The vulnerability is caused by an error when the 'Tracemonkey' component handles a mailicous web page using the Escape method. A remote attacker may exploit this to execute arbitrary code. |
Affected ProductsMozilla Firefox 3.5 |
Recommended ActionsCurrently we are not aware of any official patches supplied by the vendor for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-2477 |
Reference/shttp://www.milw0rm.com/exploits/9247http://www.milw0rm.com/exploits/9181 http://www.milw0rm.com/exploits/9137 http://www.milw0rm.com/exploits/9214 http://www.securityfocus.com/bid/35660 (BugTraq) http://www.frsirt.com/english/advisories/2009/1868 (FrSIRT) |
