ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption Vulnerability

ZDI-09-015: Mozilla Firefox XUL moveToEdgeShift Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-015 March 30, 2009 -- CVE ID: CVE-2009-1044 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.0.x -- Vulnerability Details: This...

CVE-2009-1044

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009...