CVE-2009-2477

Scores

EPSS

EPSS Score: 0.833 (high), 83.3%

Percentile: 83.3%

CVSS

6.8 (medium), CVSS 2.0

CVSS Score: 6.8/10

All CVSS Scores

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.

Sources

debian, nvd

CWEs

CWE-94

Exploits

Exploit ID: 16299

Source: exploitdb

URL: https://www.exploit-db.com/exploits/16299

Exploit ID: 40936

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40936

Exploit ID: 9137

Source: exploitdb

URL: https://www.exploit-db.com/exploits/9137

Exploit ID: 9214

Source: exploitdb

URL: https://www.exploit-db.com/exploits/9214

Vulnerable Software (4)

Type: Configuration

Product: xulrunner

Operating System: debian

Trait:
{ "fixed": "1.9.1.2-1" }

Source: debian

Type: Configuration

Product: xulrunner

Operating System: debian lenny 5

Trait:
{ "unaffected": true }

Source: debian

Type: Configuration

Product: xulrunner

Operating System: debian etch 4

Trait:
{ "unaffected": true }

Source: debian

Type: Configuration

Vendor: *

Product: firefox

Operating System: * * *

Trait:
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd