Mozilla Firefox JIT Escape Function Memory Corruption

Added: 07/13/2009
CVE: CVE-2009-2477
BID: 35660
OSVDB: 55846

Background

Mozilla is a suite of Internet client products available for multiple platforms.

Problem

A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and execution when a user loads a malicious web page.

Resolution

Upgrade to Firefox 3.5.1 or higher.

References

http://www.mozilla.org/security/announce/2009/mfsa2009-41.html

Limitations

The target Windows XP system must have at least 1G virtual memory allocated. The target Linux system must have at least 2G physical memory. Exploit works on Firefox 3.5. In order for exploitation to succeed, a user must load the exploit in a vulnerable browser.

After a user loads the exploit page, there may be a delay before the exploit succeeds.

Platforms

Windows XP
Linux
Mac OS X

Back to exploit index