CVE-2009-2478

Mozilla Firefox <3.5 - DoS

Title source: llm

Description

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."

Exploits (2)

exploitdb WORKING POC VERIFIED

by David Kennedy (ReL1K) · pythonremotewindows

https://www.exploit-db.com/exploits/9181

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Sberry · htmlremotewindows

https://www.exploit-db.com/exploits/9137

View Code ZIP pw:eip

References (3)

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=502648

[Exploit] https://bugzilla.mozilla.org/show_bug.cgi?id=503286

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html

Scores

EPSS 0.0407

EPSS Percentile 88.6%

Details

CWE

CWE-189

Status published

Products (1)

mozilla/firefox 3.5

Published Jul 16, 2009

Tracked Since Feb 18, 2026