CVE-2009-2477 - OpenCVE

js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

References

Link	Resource
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
http://isc.sans.org/diary.html?storyid=6796
http://secunia.com/advisories/35798	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html
http://www.exploit-db.com/exploits/9137
http://www.exploit-db.com/exploits/9181
http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761
http://www.kb.cert.org/vuls/id/443060	US Government Resource
http://www.mozilla.org/security/announce/2009/mfsa2009-41.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/35660	Exploit
http://www.vupen.com/english/advisories/2009/1868	Patch Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=503286
https://www.exploit-db.com/exploits/40936/
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-15T15:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2009-07-15T00:00:00

Link: CVE-2009-2477

JSON object: View

NVD Information

Status : Modified

Published: 2009-07-15T15:30:01.453

Modified: 2017-09-19T01:29:08.343

Link: CVE-2009-2477

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=503286"}, {"name": "VU#443060", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/443060"}, {"name": "FEDORA-2009-7898", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html"}, {"name": "40936", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40936/"}, {"tags": ["x_refsource_MISC"], "url": "http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.html?storyid=6796"}, {"name": "266148", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1"}, {"name": "35660", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35660"}, {"name": "9181", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9181"}, {"name": "35798", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35798"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/"}, {"name": "ADV-2009-1868", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1868"}, {"name": "9137", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9137"}, {"tags": ["x_refsource_MISC"], "url": "http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-41.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2477", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=503286", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=503286"}, {"name": "VU#443060", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/443060"}, {"name": "FEDORA-2009-7898", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html"}, {"name": "40936", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40936/"}, {"name": "http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html", "refsource": "MISC", "url": "http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html"}, {"name": "http://isc.sans.org/diary.html?storyid=6796", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=6796"}, {"name": "266148", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1"}, {"name": "35660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35660"}, {"name": "9181", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9181"}, {"name": "35798", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35798"}, {"name": "http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/", "refsource": "CONFIRM", "url": "http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/"}, {"name": "ADV-2009-1868", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1868"}, {"name": "9137", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9137"}, {"name": "http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761", "refsource": "MISC", "url": "http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761"}, {"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-41.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-41.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2477", "datePublished": "2009-07-15T15:00:00", "dateReserved": "2009-07-15T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements."}, {"lang": "es", "value": "El archivo js/src/jstracer.cpp en el compilador JavaScript Just-in-Time (JIT) (tambi\u00e9n se conoce como TraceMonkey) en Firefox de Mozilla versiones 3.5 anteriores a 3.5.1, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de cierto uso de la funci\u00f3n escape que desencadena el acceso a ubicaciones de memoria no inicializadas, como es demostrado originalmente por un documento que contiene elementos P y FONT."}], "id": "CVE-2009-2477", "lastModified": "2017-09-19T01:29:08.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-07-15T15:30:01.453", "references": [{"source": "cve@mitre.org", "url": "http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/"}, {"source": "cve@mitre.org", "url": "http://isc.sans.org/diary.html?storyid=6796"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35798"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1"}, {"source": "cve@mitre.org", "url": "http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9137"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9181"}, {"source": "cve@mitre.org", "url": "http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/443060"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-41.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/35660"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1868"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=503286"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40936/"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}