Computer Security

Security Advisory: Mozilla Foundation Security Advisory 2010-36
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

  Mozilla Firefox 3.5.x Address Bar Spoofing Vulnerability

  ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability

  ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability

  ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParam
Arrays Remote Code Execution Vulnerability

From:MOZILLA
Date:24.07.2010
Subject:Mozilla Foundation Security Advisory 2010-36

Mozilla Foundation Security Advisory 2010-36

Title: Use-after-free error in NodeIterator
Impact: Critical
Announced: July 20, 2010
Reporter: regenrecht (via TippingPoint's Zero Day Initiative)
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.7
 Firefox 3.5.11
 SeaMonkey 2.0.6
Description

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative an error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. The use of a detached and subsequently deleted node could result in the execution of attacker-controlled memory.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=552110
   * CVE-2010-1209

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru