• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-57

Mozilla Foundation Security Advisory 2011-57

Title: Crash when plugin removes itself on Mac OS X
Impact: High
Announced: December 20, 2011
Reporter: Richard Bateman
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 9.0
  Thunderbird 9.0
  SeaMonkey 2.6

Description

FireBreath developer Richard Bateman reported a crash on Mac OS X that occurred when a plugin deletes its containing DOM frame during a call from that frame. The observed symptom is a null dereference but we cannot rule out the possibility that content from a scriptable plugin such as Flash could find a way to dereference a more useful address and exploit it.

References

• https://bugzilla.mozilla.org/show_bug.cgi?id=649079
• CVE-2011-3664