CVE-2009-2479

Mozilla Firefox 3.0.x, 3.5, 3.5.1 - Denial of Service via Long Unicode String to write Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2479. PoCs published by Andrew Haynes.

AI-analyzed exploit summary This exploit targets a Unicode stack overflow vulnerability in Firefox 3.5 by generating a large string of Unicode characters to trigger a buffer overflow. The PoC uses JavaScript to create and concatenate strings to achieve the overflow condition.

Description

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andrew Haynes · htmldoswindows

https://www.exploit-db.com/exploits/9158

View Code ZIP pw:eip

This exploit targets a Unicode stack overflow vulnerability in Firefox 3.5 by generating a large string of Unicode characters to trigger a buffer overflow. The PoC uses JavaScript to create and concatenate strings to achieve the overflow condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Firefox 3.5

No auth needed

Prerequisites: Victim must visit a malicious webpage using Firefox 3.5

MITRE ATT&CK