FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- corrupt JIT state after deep return from native function

Affected packages
3.5.*,1 <= firefox < 3.5.1,1

Details

VuXML ID c1ef9b33-72a6-11de-82ea-0030843d3802
Discovery 2009-07-16
Entry 2009-07-17
Modified 2010-05-02

Mozilla Project reports:

Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.

This vulnerability does not affect earlier versions of Firefox which do not support the JIT feature.

References

CVE Name CVE-2009-2477
URL http://www.kb.cert.org/vuls/id/443060
URL http://www.mozilla.org/security/announce/2009/mfsa2009-41.html