Mozilla Products Use-After-Free in nsHTMLSelectElement() Vulnerability
RISK: High Risk
TYPE: Clients - Browsers
A vulnerability has been identified in Mozilla Firefox, Thunderbird and Seamonkey. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free memory error in nsHTMLSelectElement() and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Impact
- Remote Code Execution
System / Technologies affected
- Mozilla Firefox versions 4 - 8
- Mozilla Thunderbird versions 4 - 8
- Mozilla Seamonkey versions prior to 2.6
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (Firefox version 9.0, Thunderbird version 9.0, Seamonkey version 2.6).
Vulnerability Identifier
Source
Related Link
Share with