Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23254
HistoryFeb 19, 2010 - 12:00 a.m.

Mozilla Foundation Security Advisory 2010-03

2010-02-1900:00:00
vulners.com
34

Mozilla Foundation Security Advisory 2010-03

Title: Use-after-free crash in HTML parser
Impact: Critical
Announced: February 17, 2010
Reporter: Alin Rad Pop
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6
Firefox 3.5.8
Firefox 3.0.18
Thunderbird 3.0.2
SeaMonkey 2.0.3
Description

Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=526500
* CVE-2009-1571
* SA37242
Related for SECURITYVULNS:DOC:23254