Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2010-09

Deleted frame reuse in multipart/x-mixed-replace image

Announced
March 23, 2010
Reporter
regenrecht (via TippingPoint's Zero Day Initiative)
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 3.6.2

Description

Security researcher regenrecht reported (via TippingPoint's Zero Day Initiative) a potential reuse of a deleted image frame in Firefox 3.6's handling of multipart/x-mixed-replace images. Although no exploit was shown, re-use of freed memory has led to exploitable vulnerabilities in the past.

References