Mozilla Foundation Security Advisory 2010-28

2010-06-25T00:00:00
ID SECURITYVULNS:DOC:24121
Type securityvulns
Reporter Securityvulns
Modified 2010-06-25T00:00:00

Description

Mozilla Foundation Security Advisory 2010-28

Title: Freed object reuse across plugin instances Impact: Critical Announced: June 22, 2010 Reporter: Microsoft Vulnerability Research Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description

Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=532246
* CVE-2010-1198