This application requires Javascript for optimal performance.

Mozilla.Firefox.Tracemonkey.Component.Code.Execution

Release Date

Aug 13, 2009

Severity

critical

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Description

This indicates an attempt to exploit a memory-corruption vulnerability in Mozilla Firefox.

The vulnerability is caused by an error when the 'Tracemonkey' component handles a mailicous web page using the Escape method. A remote attacker may exploit this to execute arbitrary code.

Affected Products

Mozilla Firefox 3.5

Recommended Actions

Currently we are not aware of any official patches supplied by the vendor for this issue.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-2477

Reference/s

http://www.milw0rm.com/exploits/9247
http://www.milw0rm.com/exploits/9181
http://www.milw0rm.com/exploits/9137
http://www.milw0rm.com/exploits/9214
http://www.securityfocus.com/bid/35660 (BugTraq)
http://www.frsirt.com/english/advisories/2009/1868 (FrSIRT)

Reference: VID-17586