Dangling pointer vulnerability in nsTreeSelection

ID MFSA2010-54
Type mozilla
Reporter Mozilla Foundation
Modified 2010-09-07T00:00:00


Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that there was a remaining dangling pointer issue leftover from the fix to CVE-2010-2753. Under certain circumstances one of the pointers held by a XUL tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory.