Vulnerability details: VCID-3sca-u87h-aaas
Vulnerability ID VCID-3sca-u87h-aaas
Aliases CVE-2009-2479
Summary Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
epss 0.06227 https://api.first.org/data/v1/epss?cve=CVE-2009-2479
epss 0.10997 https://api.first.org/data/v1/epss?cve=CVE-2009-2479
epss 0.13444 https://api.first.org/data/v1/epss?cve=CVE-2009-2479
epss 0.14161 https://api.first.org/data/v1/epss?cve=CVE-2009-2479
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=511228
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2009-2479
Reference id Reference type URL
http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
http://osvdb.org/55931
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2479.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2479
https://bugzilla.mozilla.org/show_bug.cgi?id=504342
https://bugzilla.mozilla.org/show_bug.cgi?id=504343
https://exchange.xforce.ibmcloud.com/vulnerabilities/51729
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html
http://websecurity.com.ua/3338/
http://www.exploit-db.com/exploits/9158
http://www.securityfocus.com/archive/1/505092/100/0/threaded
http://www.securityfocus.com/bid/35707
http://www.securitytracker.com/id?1022580
511228 https://bugzilla.redhat.com/show_bug.cgi?id=511228
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
CVE-2009-2479 https://nvd.nist.gov/vuln/detail/CVE-2009-2479
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
OSVDB-55931;CVE-2009-2479 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/9158.html
Data source Exploit-DB
Date added July 14, 2009
Description Mozilla Firefox 3.5 - Unicode Remote Buffer Overflow (PoC)
Ransomware campaign use Known
Source publication date July 15, 2009
Exploit type dos
Platform windows
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2479

Exploit Prediction Scoring System (EPSS)
Percentile 0.93790
EPSS Score 0.06227
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.