• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-38

Mozilla Foundation Security Advisory 2012-38

Title: Use-after-free while replacing/inserting a node in a document
Impact: Critical
Announced: June 5, 2012
Reporter: Arthur Gerkis
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 13.0
  Firefox ESR 10.0.5
  Thunderbird 13.0
  Thunderbird ESR 10.0.5
  SeaMonkey 2.10

Description

Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution.

References

• Use-after-free in nsINode::ReplaceOrInsertBefore
• CVE-2012-1946