Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability

2008-11-12T00:00:00
ID ZDI-08-093
Type zdi
Reporter ling and wushi of team509
Modified 2008-11-09T00:00:00

Description

This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists when a DOM method on a specific HTML form object is called before the object itself has completed its initialization. This leads to a call into uninitialized data, which can result in code execution under the context of the current user.