CVE-2010-0165

The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in
the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote
attackers to cause a denial of service (memory corruption and application
crash) and possibly execute arbitrary code via vectors involving certain
indirect calls to the JavaScript eval function.

Bugs

• <https://bugzilla.mozilla.org/show_bug.cgi?id=542849&gt;