Mozilla

Mozilla

Mozilla Foundation Security Advisory 2010-09

Deleted frame reuse in multipart/x-mixed-replace image

Announced
March 23, 2010
Reporter
regenrecht (via TippingPoint's Zero Day Initiative)
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 3.6.2

Description

Security researcher regenrecht reported (via TippingPoint's Zero Day Initiative) a potential reuse of a deleted image frame in Firefox 3.6's handling of multipart/x-mixed-replace images. Although no exploit was shown, re-use of freed memory has led to exploitable vulnerabilities in the past.

References