Mozilla Firefox JIT Escape Function Memory Corruption

Added: 07/13/2009
CVE: CVE-2009-2477
BID: 35660
OSVDB: 55846


Mozilla is a suite of Internet client products available for multiple platforms.


A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page.


Upgrade to Firefox 3.5.1 or higher.



The target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. Exploit works on Firefox 3.5. In order for exploitation to succeed, a user must load the exploit in a vulnerable browser.

After a user loads the exploit page, there may be a delay before the exploit succeeds.


Windows XP
Mac OS X

Back to exploit index