Mozilla Foundation Security Advisory 2011-06

2011-03-03T00:00:00
ID SECURITYVULNS:DOC:25842
Type securityvulns
Reporter Securityvulns
Modified 2011-03-03T00:00:00

Description

Mozilla Foundation Security Advisory 2011-06

Title: Use-after-free error using Web Workers Impact: Critical Announced: March 1, 2011 Reporter: Daniel Kozlowski Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.14 Firefox 3.5.17 SeaMonkey 2.0.12 Description

Daniel Kozlowski reported that a JavaScript Worker could be used to keep a reference to an object that could be freed during garbage collection. Subsequent calls through this deleted reference could cause attacker-controlled memory to be executed on a victim's computer. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=626631
* CVE-2011-0057