Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2479: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

Severity
7.8 HIGH NVD
NVD 5.0
EPSS
11.2%
top 6.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jul 16
Latest update: May 2

Description

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (5 packages)

NVD mozilla/firefox 19 versions +18
NVD opera/opera_browser 9.52 +22
NVD microsoft/internet_explorer 6.0.2900.2180 +55
NVD microsoft/ie 25 versions +24
NVD google/chrome 6 versions +5

🔴 Vulnerability Details (4)

GHSA
GHSA-9q9v-fv5g-fj8r: Microsoft Internet Explorer 6 (2022-05-02)
GHSA
GHSA-7mgv-jg63-hvqh: Mozilla Firefox 3 (2022-05-02)
GHSA
GHSA-rr84-5976-78qm: Google Chrome 2 (2022-05-02)
GHSA
GHSA-p3mw-2r4j-49c2: Opera 9 (2022-05-02)

💥 Exploits & PoCs (1)

Exploit-DB
Mozilla Firefox 3.5 - Unicode Remote Buffer Overflow (PoC) (2009-07-15)

📋 Vendor Advisories (1)

Red Hat
firefox 3.5 various flaws (2009-07-14)

💬 Community (1)

Bugzilla
CVE-2009-2477 CVE-2009-2478 CVE-2009-2479 firefox 3.5 various flaws (2009-07-14)