Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24690
HistorySep 10, 2010 - 12:00 a.m.

Mozilla Foundation Security Advisory 2010-56

2010-09-1000:00:00
vulners.com
34

Mozilla Foundation Security Advisory 2010-56

Title: Dangling pointer vulnerability in nsTreeContentView
Impact: Critical
Announced: September 7, 2010
Reporter: regenrecht
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.9
Firefox 3.5.12
Thunderbird 3.1.3
Thunderbird 3.0.7
SeaMonkey 2.0.7
Description

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that the implementation of XUL <tree>'s content view contains a dangling pointer vulnerability. One of the content view's methods for accessing the internal structure of the tree could be manipulated into removing a node prior to accessing it, resulting in the accessing of deleted memory. If an attacker can control the contents of the deleted memory prior to its access they could use this vulnerability to run arbitrary code on a victim's machine.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=576070
* CVE-2010-3167
Related for SECURITYVULNS:DOC:24690