You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-27
Mozilla Foundation Security Advisory 2010-27
Title: Use-after-free error in nsCycleCollector::MarkRoots()
Impact: Critical
Announced: June 22, 2010
Reporter: wushi
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.5.10
SeaMonkey 2.0.5
Description
Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker.