You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-51
Mozilla Foundation Security Advisory 2010-51
Title: Dangling pointer vulnerability using DOM plugin array
Impact: Critical
Announced: September 7, 2010
Reporter: Sergey Glazunov
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.9
Firefox 3.5.12
Thunderbird 3.1.3
Thunderbird 3.0.7
SeaMonkey 2.0.7
Description
Security researcher Sergey Glazunov reported a
dangling pointer vulnerability in the implementation
of navigator.plugins
in which the navigator
object could retain a pointer to the plugins array even after it had
been destroyed. An attacker could potentially use this issue to crash
the browser and run arbitrary code on a victim's computer.