cbcvebase.
CVE-2009-2479
published 2009-07-16

CVE-2009-2479: Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long…

PriorityP342high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
12.09%
95.6th percentile
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.

Affected

129 ranges· showing 25
VendorProductVersion rangeFixed in
googlechrome
googlechrome
googlechrome
googlechrome
googlechrome
googlechrome
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie
microsoftie

CVSS provenance

nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.