CVE-2009-2477
CVE-2009-2477
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 7
cve_referencewww.exploit-db.com/exploits/40936/não verificadocve_referencewww.exploit-db.com/exploits/9137não verificadocve_referencewww.exploit-db.com/exploits/9181não verificadoexploitdbwww.exploit-db.com/exploits/40936não verificadoexploitdbwww.exploit-db.com/exploits/16299não verificadoexploitdbwww.exploit-db.com/exploits/9214não verificadoexploitdbwww.exploit-db.com/exploits/9137não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/http://isc.sans.org/diary.html?storyid=6796https://bugzilla.mozilla.org/show_bug.cgi?id=503286http://secunia.com/advisories/35798http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1https://www.exploit-db.com/exploits/40936/https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.htmlhttp://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.htmlhttp://www.exploit-db.com/exploits/9137http://www.exploit-db.com/exploits/9181http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761http://www.kb.cert.org/vuls/id/443060