CVE-2009-2479

Publication date 16 July 2009

Last updated 24 July 2024

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox-3.5	9.04 jaunty	Fixed 3.5.3+build1+nobinonly-0ubuntu0.9.04.2
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
xulrunner-1.9.1	9.04 jaunty	Fixed 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-2479