| Name | Mozilla.Firefox.TreeColumns.Pointer.Code.Execution |
| Release Date | Jan 05, 2010 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a code-execution vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles malformed data in TreeColumns. It allows a remote attacker to execute arbitrary code via sending a crafted web page. |
| Affected Products | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 |
| Recommended Actions | Upgrade to version 3.0.14 or 3.5.3. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3077
|
| Reference/s | http://www.vupen.com/english/advisories/2009/2585 (FrSIRT)
http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
|