You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-09
Mozilla Foundation Security Advisory 2010-09
Title: Deleted frame reuse in multipart/x-mixed-replace image
Impact: Moderate
Announced: March 23, 2010
Reporter: regenrecht (via TippingPoint's Zero Day Initiative)
Products: Firefox 3.6
Fixed in: Firefox 3.6.2
Description
Security researcher regenrecht reported (via TippingPoint's
Zero Day Initiative) a potential reuse of a deleted image frame in Firefox
3.6's handling of multipart/x-mixed-replace
images. Although
no exploit was shown, re-use of freed memory has led to exploitable
vulnerabilities in the past.