• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-48

Mozilla Foundation Security Advisory 2012-48

Title: use-after-free in nsGlobalWindow::PageHidden
Impact: Moderate
Announced: July 17, 2012
Reporter: Arthur Gerkis
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 14
  Firefox ESR 10.0.6
  Thunderbird 14
  Thunderbird ESR 10.0.6
  SeaMonkey 2.11

Description

Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent is released and oldFocusedContent is used afterwards. This use-after-free could possibly allow for remote code execution.

References

• Use-after-free in nsGlobalWindow::PageHidden
• CVE-2012-1958