MozillaFirefox to 10.0.1 (critical)

2012-02-14T20:08:25
ID OPENSUSE-SU-2012:0258-1
Type suse
Reporter Suse
Modified 2012-02-14T20:08:25

Description

MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue.

Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable.

Firefox 9 and earlier are not affected by this vulnerability.

<a rel="nofollow" href="https://www.mozilla.org/security/announce/2012/mfsa2012-10.h">https://www.mozilla.org/security/announce/2012/mfsa2012-10.h</a> tml