Mozilla Firefox nsTreeRange Use After Free

2011-07-27T00:00:00
ID SAINT:7125A31805FAE815FB71C624F403114B
Type saint
Reporter SAINT Corporation
Modified 2011-07-27T00:00:00

Description

Added: 07/27/2011
CVE: CVE-2011-0073
BID: 47663
OSVDB: 72087

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously freed memory.

Resolution

For Firefox 3.6, upgrade to version 3.6.17 or later. For Firefox 3.5, upgrade to 3.5.19 or later. For SeaMonkey, upgrade to 2.0.14 or later.

References

<http://www.mozilla.org/security/announce/2011/mfsa2011-13.html>
<https://bugzilla.mozilla.org/show_bug.cgi?id=630919>

Limitations

This exploit has been tested against Mozilla Foundation Firefox 3.6.16 running on Microsoft Windows XP SP3 English (DEP OptIn) with KB959426 updated and "kernel32.dll" version 5.1.2600.5781.

Platforms

Windows