• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-57

Mozilla Foundation Security Advisory 2010-57

Title: Crash and remote code execution in normalizeDocument
Impact: Critical
Announced: September 7, 2010
Reporter: regenrecht
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.9
  Firefox 3.5.12
  Thunderbird 3.1.3
  Thunderbird 3.0.7
  SeaMonkey 2.0.7

Description

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document's child nodes was used in the traversal, so a page could be constructed that would remove DOM nodes during this normalization which could lead to the accessing of a deleted object and potentially the execution of attacker-controlled memory.

Workaround

Disable JavaScript or install NoScript until a version containing these fixes can be installed.

References

• https://bugzilla.mozilla.org/show_bug.cgi?id=580445
• CVE-2010-2766