• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-08

Mozilla Foundation Security Advisory 2012-08

Title: Crash with malformed embedded XSLT stylesheets
Impact: Critical
Announced: January 31, 2012
Reporter: Nicolas Grégoire, Aki Helin
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 10.0
  Firefox 3.6.26
  Thunderbird 10.0
  Thunderbird 3.1.18
  SeaMonkey 2.7

Description

Security researchers Nicolas Grégoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.

References

• Researcher Bug Reports
• CVE-2012-0449