Crash and remote code execution using watch and __defineSetter__ on SVG element

ID MFSA2009-37
Type mozilla
Reporter Mozilla Foundation
Modified 2009-07-21T00:00:00


Security researcher PenPal reported a crash involving a SVG element on which a watch function and defineSetter function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer.