You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-09

Mozilla Foundation Security Advisory 2010-09

Title: Deleted frame reuse in multipart/x-mixed-replace image
Impact: Moderate
Announced: March 23, 2010
Reporter: regenrecht (via TippingPoint's Zero Day Initiative)
Products: Firefox 3.6

Fixed in: Firefox 3.6.2

Description

Security researcher regenrecht reported (via TippingPoint's Zero Day Initiative) a potential reuse of a deleted image frame in Firefox 3.6's handling of multipart/x-mixed-replace images. Although no exploit was shown, re-use of freed memory has led to exploitable vulnerabilities in the past.

References