Skip to main content

Mozilla Products Use-After-Free in nsHTMLSelectElement() Vulnerability

Last Update Date: 20 Jun 2012 10:31 Release Date: 20 Jun 2012 4996 Views

RISK: High Risk

TYPE: Clients - Browsers

TYPE: Browsers

A vulnerability has been identified in Mozilla Firefox, Thunderbird and Seamonkey. A remote user can cause arbitrary code to be executed on the target user's system.

 

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free memory error in nsHTMLSelectElement() and execute arbitrary code on the target system. The code will run with the privileges of the target user.


Impact

  • Remote Code Execution

System / Technologies affected

  • Mozilla Firefox versions 4 - 8
  • Mozilla Thunderbird versions 4 - 8
  • Mozilla Seamonkey versions prior to 2.6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (Firefox version 9.0, Thunderbird version 9.0, Seamonkey version 2.6).

Vulnerability Identifier


Source


Related Link