4 matches found
ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-176 September 13, 2010 -- CVE ID: CVE-2010-2766 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox...
Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the normalizeDocument...
Code injection
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...
Crash and remote code execution in normalizeDocument — Mozilla
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document's child nodes was used in the traversal, so...