You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-18
Mozilla Foundation Security Advisory 2010-18
Title: Dangling pointer vulnerability in nsTreeContentView
Impact: Critical
Announced: March 30, 2010
Reporter: regenrecht (via TippingPoint's Zero Day Initiative)
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.2
Firefox 3.5.9
Firefox 3.0.19
Thunderbird 3.0.4
SeaMonkey 2.0.4
Description
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in the
way <option>
elements are inserted into a XUL
tree <optgroup>
. In certain cases, the number of
references to an <option>
element is under-counted so
that when the element is deleted, a live pointer to its old location
is kept around and may later be used. An attacker could potentially
use these conditions to run arbitrary code on a victim's computer.
Workaround
Disable JavaScript until a version containing these fixes can be installed.