• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-51

Mozilla Foundation Security Advisory 2010-51

Title: Dangling pointer vulnerability using DOM plugin array
Impact: Critical
Announced: September 7, 2010
Reporter: Sergey Glazunov
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.9
  Firefox 3.5.12
  Thunderbird 3.1.3
  Thunderbird 3.0.7
  SeaMonkey 2.0.7

Description

Security researcher Sergey Glazunov reported a dangling pointer vulnerability in the implementation of navigator.plugins in which the navigator object could retain a pointer to the plugins array even after it had been destroyed. An attacker could potentially use this issue to crash the browser and run arbitrary code on a victim's computer.

References

• https://bugzilla.mozilla.org/show_bug.cgi?id=584512
• CVE-2010-2767