You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-36
Mozilla Foundation Security Advisory 2010-36
Title: Use-after-free error in NodeIterator
Impact: Critical
Announced: July 20, 2010
Reporter: regenrecht (via TippingPoint's Zero Day Initiative)
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.7
Firefox 3.5.11
SeaMonkey 2.0.6
Description
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in Mozilla's
implementation of NodeIterator
in which a
malicious NodeFilter
could be created which would detach
nodes from the DOM tree while it was being traversed. The use of a
detached and subsequently deleted node could result in the execution
of attacker-controlled memory.