You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-41

Mozilla Foundation Security Advisory 2012-41

Title: Use-after-free in nsHTMLSelectElement
Impact: Critical
Announced: June 18, 2012
Reporter: regenrecht
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 9.0
  Thunderbird 9.0
  SeaMonkey 2.6


Security researcher regenrecht reported a flaw that affected Firefox versions 4 through 8 via TippingPoint's Zero Day Initiative. This flaw is a use-after-free in nsHTMLSelectElement when the parent node of the element is no longer active and could allow for possible remote code execution.

Firefox 3.6 is not affected by this vulnerability.