Memory corruption with simultaneous events
- July 25, 2006
- Secunia Research
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 188.8.131.52
- SeaMonkey 1.0.3
- Thunderbird 184.108.40.206
Secunia Research has discovered a vulnerability in Mozilla Firefox 1.5 branch, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an memory corruption error within the handling of simultaneously happening XPCOM events, which leads to use of a deleted timer object. This generally results in a crash but potentially could be exploited to execute arbitrary code on a user's system when a malicious website is visited.
This vulnerability was introduced during Firefox 1.5 development, it does not affect Firefox 1.0 or Mozilla Suite 1.7