Mozilla Firefox OBJECT mChannel Use-After-Free

Added: 08/22/2011
CVE: CVE-2011-0065
BID: 47659
OSVDB: 72085

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

A use-after-free vulnerability allows command execution when a user loads a specially crafted web page that causes an **OnChannelRedirect** method call on an object with an unassigned mChannel, resulting in a dangling pointer.

Resolution

Upgrade to Firefox 3.5.19 or 3.6.17 or higher.

References

<http://www.mozilla.org/security/announce/2011/mfsa2011-13.html&gt;

Limitations

Exploit works on Mozilla Foundation Firefox 3.6.16 on Microsoft Windows XP SP3 English (DEP OptIn) with KB959426.

The user must open the exploit page in Firefox.

Platforms

Windows