Mozilla Foundation Security Advisory 2010-27

2010-06-25T00:00:00
ID SECURITYVULNS:DOC:24120
Type securityvulns
Reporter Securityvulns
Modified 2010-06-25T00:00:00

Description

Mozilla Foundation Security Advisory 2010-27

Title: Use-after-free error in nsCycleCollector::MarkRoots() Impact: Critical Announced: June 22, 2010 Reporter: wushi Products: Firefox, SeaMonkey

Fixed in: Firefox 3.5.10 SeaMonkey 2.0.5 Description

Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section of code potentially controlled by an attacker. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=557174
* CVE-2010-0183