Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2478 — Mozilla Firefox vulnerability

CWE-1896 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

4.1%

top 11.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox

Timeline

PublishedJul 16

Latest updateMay 2

Description

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.5

🔴Vulnerability Details

GHSA

GHSA-j8jf-vmrq-6wf6: Mozilla Firefox 3↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 3.5 - 'Font tags' Remote HeapSpray (1)↗2009-07-17

▶

Exploit-DB

Mozilla Firefox 3.5 - Font tags Remote Buffer Overflow↗2009-07-13

▶

📋Vendor Advisories

Red Hat

firefox 3.5 various flaws↗2009-07-14

▶

💬Community

Bugzilla

CVE-2009-2477 CVE-2009-2478 CVE-2009-2479 firefox 3.5 various flaws↗2009-07-14

▶