CVE-2009-2477: Just-in-time (JIT) JavaScript compiler allows remote attackers to execute arbitrary code
Bug #400557 reported by Micah Gersten
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mozilla Firefox | Fix Released | Critical | |
firefox-3.5 (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: firefox-3.5
Overview
The Just-in-time (JIT) JavaScript compiler in Mozilla Firefox 3.5 allows remote attackers to execute arbitrary code via a crafted document containing P and FONT elements.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.9 (MEDIUM) (AV:L/AC:
Impact Subscore: 10.0
Exploitability Subscore: 3.4
CVSS Version 2 Metrics:
Access Vector: Locally exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
visibility: private → public
Changed in firefox-3.5 (Ubuntu):
status: New → Fix Committed
Changed in firefox:
status: Unknown → Fix Released
Changed in firefox:
importance: Unknown → Critical
Confirmed on Windows Vista. I'll try to find some bug history.