Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24688
HistorySep 10, 2010 - 12:00 a.m.

Mozilla Foundation Security Advisory 2010-54

2010-09-1000:00:00
vulners.com
21

Mozilla Foundation Security Advisory 2010-54

Title: Dangling pointer vulnerability in nsTreeSelection
Impact: Critical
Announced: September 7, 2010
Reporter: regenrecht
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.9
Firefox 3.5.12
Thunderbird 3.1.3
Thunderbird 3.0.7
SeaMonkey 2.0.7
Description

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=585815
* CVE-2010-2760