CVE-2009-2479

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
mozillafirefox
3.0.6
mozillafirefox
3.0.7
mozillafirefox
3.0.8
mozillafirefox
3.0.9
mozillafirefox
3.0.10
mozillafirefox
3.0.11
mozillafirefox
3.0.12
mozillafirefox
3.0.13
mozillafirefox
3.0.14
mozillafirefox
3.0.15
mozillafirefox
3.0.16
mozillafirefox
3.0.17
mozillafirefox
3.5
mozillafirefox
3.5.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox-3.5
jaunty
Fixed 3.5.3+build1+nobinonly-0ubuntu0.9.04.2
released
intrepid
dne
hardy
dne
dapper
dne
xulrunner-1.9.1
jaunty
Fixed 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2
released
intrepid
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
http://osvdb.org/55931
http://websecurity.com.ua/3338/
http://www.exploit-db.com/exploits/9158
http://www.securityfocus.com/archive/1/505092/100/0/threaded
http://www.securityfocus.com/bid/35707
http://www.securitytracker.com/id?1022580
https://bugzilla.mozilla.org/show_bug.cgi?id=504342
https://bugzilla.mozilla.org/show_bug.cgi?id=504343
https://exchange.xforce.ibmcloud.com/vulnerabilities/51729
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html
http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
http://osvdb.org/55931
http://websecurity.com.ua/3338/
http://www.exploit-db.com/exploits/9158
http://www.securityfocus.com/archive/1/505092/100/0/threaded
http://www.securityfocus.com/bid/35707
http://www.securitytracker.com/id?1022580
https://bugzilla.mozilla.org/show_bug.cgi?id=504342
https://bugzilla.mozilla.org/show_bug.cgi?id=504343
https://exchange.xforce.ibmcloud.com/vulnerabilities/51729
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html