You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-66

Mozilla Foundation Security Advisory 2010-66

Title: Use-after-free error in nsBarProp
Impact: Critical
Announced: October 19, 2010
Reporter: Sergey Glazunov
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.11
  Firefox 3.5.14
  Thunderbird 3.1.5
  Thunderbird 3.0.9
  SeaMonkey 2.0.9

Description

Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory.

References