Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2010-37

Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability

Announced
July 20, 2010
Reporter
J23 (via TippingPoint's Zero Day Initiative)
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.5.11
  • Firefox 3.6.7
  • SeaMonkey 2.0.6

Description

Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. This integer is later used in allocating a memory buffer used to store the plugin parameters. Under such conditions, too small a buffer would be created and attacker-controlled data could be written past the end of the buffer, potentially resulting in code execution.

References