Mozilla Foundation Security Advisory 2009-37

Crash and remote code execution using watch and __defineSetter__ on SVG element

Announced
July 21, 2009
Reporter
PenPal
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 3.0.12
  • Firefox 3.5

Description

Security researcher PenPal reported a crash involving a SVG element on which a watch function and __defineSetter__ function have been set for a particular property. The crash showed evidence of memory corruption and could potentially be used by an attacker to run arbitrary code on a victim's computer.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References