You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-06
Mozilla Foundation Security Advisory 2011-06
Title: Use-after-free error using Web Workers
Impact: Critical
Announced: March 1, 2011
Reporter: Daniel Kozlowski
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.14
Firefox 3.5.17
SeaMonkey 2.0.12
Description
Daniel Kozlowski reported that a
JavaScript Worker
could be used to keep a reference to an
object that could be freed during garbage collection. Subsequent
calls through this deleted reference could cause attacker-controlled
memory to be executed on a victim's computer.