| Vulnerability ID | VCID-jkjk-6r2p-jbcu |
| Aliases | CVE-2009-2471 |
| Summary | Mozilla developer Blake Kaplan reported that `setTimeout`, when called with certain object parameters which should be protected with an XPCNativeWrapper, will fail to keep the object wrapped when compiling the new function to be executed. If chrome privileged code were to call `setTimeout` using `this` as an argument, the `this` object will lose its wrapper and could be unsafely accessed by chrome code. An attacker could use such vulnerable code to run arbitrary JavaScript with chrome privileges. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.02113 | https://api.first.org/data/v1/epss?cve=CVE-2009-2471 |
| generic_textual | critical | https://www.mozilla.org/en-US/security/advisories/mfsa2009-39 |
| Reference id | Reference type | URL |
|---|---|---|
| | | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2471.json |
| | | https://api.first.org/data/v1/epss?cve=CVE-2009-2471 |
| 512146 | | https://bugzilla.redhat.com/show_bug.cgi?id=512146 |
| CVE-2009-2471 | | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471 |
| GLSA-201301-01 | | https://security.gentoo.org/glsa/201301-01 |
| mfsa2009-39 | | https://www.mozilla.org/en-US/security/advisories/mfsa2009-39 |
| RHSA-2009:1162 | | https://access.redhat.com/errata/RHSA-2009:1162 |
| Percentile | 0.8439 |
| EPSS Score | 0.02113 |
| Published At | May 29, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-29T08:27:40.672620+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2009/mfsa2009-39.md | 38.6.0 |