You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-66
Mozilla Foundation Security Advisory 2010-66
Title: Use-after-free error in nsBarProp
Impact: Critical
Announced: October 19, 2010
Reporter: Sergey Glazunov
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.11
Firefox 3.5.14
Thunderbird 3.1.5
Thunderbird 3.0.9
SeaMonkey 2.0.9
Description
Security researcher Sergey Glazunov reported that
it was possible to access the locationbar
property of
a window
object after it had been closed. Since the
closed window
's memory could have been subsequently
reused by the system it was possible that an attempt to access
the locationbar
property could result in the execution of
attacker-controlled memory.