You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-22

Mozilla Foundation Security Advisory 2012-22

Title: use-after-free in IDBKeyRange
Impact: Critical
Announced: April 24, 2012
Reporter: Aki Helin
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 12.0
  Firefox ESR 10.0.4
  Thunderbird 12.0
  Thunderbird ESR 10.0.4
  SeaMonkey 2.9

Description

Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable.

References