| Vulnerability Name: | CVE-2009-2479 (CCN-51729) | ||||||||
| Assigned: | 2009-07-15 | ||||||||
| Published: | 2009-07-15 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. Note: this was originally reported as a stack-based buffer overflow. Note: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox. Reference links provided indicate Denial of Service impact only. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CONFIRM Type: UNKNOWN http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/ Source: MITRE Type: CNA CVE-2009-2479 Source: OSVDB Type: UNKNOWN 55931 Source: CCN Type: SECTRACK ID: 1022580 Mozilla Firefox Bug in Processing Unicode Characters Lets Remote Users Deny Service Source: MISC Type: UNKNOWN http://websecurity.com.ua/3338/ Source: EXPLOIT-DB Type: UNKNOWN 9158 Source: CCN Type: Mozilla Web site Firefox Source: CCN Type: OSVDB ID: 55931 Mozilla Firefox Write Method Unicode String Argument Handling Remote Overflow Source: CCN Type: OSVDB ID: 56321 Google Chrome Write Method Unicode String Argument Handling Remote DoS Source: CCN Type: OSVDB ID: 56322 Opera Write Method Unicode String Argument Handling Remote DoS Source: CCN Type: OSVDB ID: 56323 Microsoft IE Write Method Unicode String Argument Handling Remote DoS Source: BUGTRAQ Type: UNKNOWN 20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome Source: BID Type: Exploit 35707 Source: CCN Type: BID-35707 Mozilla Firefox Unicode Data Remote Denial of Service Vulnerability Source: SECTRACK Type: UNKNOWN 1022580 Source: CONFIRM Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=504342 Source: MISC Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=504343 Source: XF Type: UNKNOWN firefox-unicode-data-dos(51729) Source: XF Type: UNKNOWN firefox-unicode-data-dos(51729) Source: FEDORA Type: UNKNOWN FEDORA-2009-7898 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||