CVE-2009-2479
Published 2009-07-16
Priority P3 · 42 · high · 7.8 CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS 12.09% · 95.6th percentile
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
Affected
129 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| chrome | — | — | |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
| microsoft | ie | — | — |
CVSS provenance
nvd · v2.0 · 7.8 HIGH · AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat · 7.8 HIGH
GHSA
GHSA-9q9v-fv5g-fj8r: Microsoft Internet Explorer 6
ghsa_unreviewed·2022-05-02·CVSS 7.8
CVE-2009-2576 [HIGH] GHSA-9q9v-fv5g-fj8r: Microsoft Internet Explorer 6
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
GHSA
GHSA-7mgv-jg63-hvqh: Mozilla Firefox 3
ghsa_unreviewed·2022-05-02
CVE-2009-2479 [HIGH] CWE-119 GHSA-7mgv-jg63-hvqh: Mozilla Firefox 3
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
GHSA
GHSA-rr84-5976-78qm: Google Chrome 2
ghsa_unreviewed·2022-05-02·CVSS 7.8
CVE-2009-2578 [HIGH] CWE-119 GHSA-rr84-5976-78qm: Google Chrome 2
Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
GHSA
GHSA-p3mw-2r4j-49c2: Opera 9
ghsa_unreviewed·2022-05-02·CVSS 7.8
CVE-2009-2577 [HIGH] GHSA-p3mw-2r4j-49c2: Opera 9
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
Red Hat
firefox 3.5 various flaws
vendor_redhat·2009-07-14·CVSS 7.8
CVE-2009-2479 [HIGH] firefox 3.5 various flaws
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
No detection rules found.
http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
http://osvdb.org/55931
http://websecurity.com.ua/3338/
http://www.exploit-db.com/exploits/9158
http://www.securityfocus.com/archive/1/505092/100/0/threaded
http://www.securityfocus.com/bid/35707
http://www.securitytracker.com/id?1022580
https://bugzilla.mozilla.org/show_bug.cgi?id=504342
https://bugzilla.mozilla.org/show_bug.cgi?id=504343
https://exchange.xforce.ibmcloud.com/vulnerabilities/51729
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html
Published: 2009-07-16