CVE-2009-2477 Information
Description
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
Reference
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
http://isc.sans.org/diary.html?storyid=6796
http://secunia.com/advisories/35798
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
http://voices.washingtonpost.com/securityfix/2009/07/stopgap_fix_for_critical_firef.html
http://www.exploit-db.com/exploits/9137
http://www.exploit-db.com/exploits/9181
http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761
http://www.kb.cert.org/vuls/id/443060
http://www.mozilla.org/security/announce/2009/mfsa2009-41.html
http://www.securityfocus.com/bid/35660
http://www.vupen.com/english/advisories/2009/1868
https://bugzilla.mozilla.org/show_bug.cgi?id=503286
https://www.exploit-db.com/exploits/40936/
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html