Mozilla

Mozilla

Mozilla Foundation Security Advisory 2009-35

Crash and remote code execution during Flash player unloading

Announced
July 21, 2009
Reporter
Attila Suszter
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 3.0.12
  • Firefox 3.5.1

Description

Security researcher Attila Suszter reported that when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object. This crash could potentially be used by an attacker to run arbitrary code on a victim's computer.

References