CVE-2009-2664Reachable Assertion in Mozilla Firefox

CWE-3994 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
3.0%
top 13.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedAug 4
Latest updateMay 2

Description

The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox3.5.1+93

Patches

Patch: www.mozilla.orgPatch: www.vupen.comPatch: www.mozilla.org

🔴Vulnerability Details

1
GHSA
GHSA-89w9-2j44-v823: The js_watch_set function in js/src/jsdbgapi2022-05-02

📋Vendor Advisories

1
Red Hat
security flaw2009-08-03

💬Community

1
Bugzilla
CVE-2009-2664 security flaw2018-08-16