Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-2469

Source

Mozilla Foundation Security Advisory 2009-37

Crash and remote code execution using watch and defineSetter on SVG element

Announced

July 21, 2009

Reporter

PenPal

Impact

Critical

Products

Firefox

Fixed in

Firefox 3.0.12
Firefox 3.5

Description

Security researcher PenPal reported a crash involving a SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Crash and remote code execution using watch and __defineSetter__ on SVG element

Crash and remote code execution using watch and __defineSetter__ on SVG element

Description

Workaround

References

Vulmon Search

About

Products

Connect

Crash and remote code execution using watch and defineSetter on SVG element

Crash and remote code execution using watch and defineSetter on SVG element