Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2009-49
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox multiple security vulnerabilities

  Firefox <3.0.14 Multiplatform RCE via pkcs11.addmodule

  ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability

  Mozilla Foundation Security Advisory 2009-51

  Mozilla Foundation Security Advisory 2009-50

From:MOZILLA
Date:10.09.2009
Subject:Mozilla Foundation Security Advisory 2009-49

Mozilla Foundation Security Advisory 2009-49

Title: TreeColumns dangling pointer vulnerability
Impact: Critical
Announced: September 9, 2009
Reporter: TippingPoint ZDI
Products: Firefox

Fixed in: Firefox 3.5.3
 Firefox 3.0.14
Description

An anonymous security researcher, via TippingPoint's Zero Day Initiative, reported that the columns of a XUL tree element could be manipulated in a particular way which would leave a pointer owned by the column pointing to freed memory. An attacker could potentially use this vulnerability to crash a victim's browser and run arbitrary code on the victim's computer.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=506871
   * CVE-2009-3077

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server