Mozilla Foundation Security Advisory 2010-48

Dangling pointer crash regression from plugin parameter array fix

Announced: July 20, 2010
Reporter: Daniel Holbert
Impact: Critical
Products: Firefox
Fixed in: Firefox 3.6.8

Description

Mozilla developer Daniel Holbert reported that the fix for the plugin parameter array crash, which shipped in Firefox 3.6.7, itself caused a crash showing signs of memory corruption. In certain circumstances, properties in the plugin instance's parameter array could be freed prematurely, leaving a dangling pointer that the plugin could execute, potentially calling into attacker-controlled memory.

Firefox 3.5.11 was also affected by the regression, but the equivalent pointer was always initialized to NULL and was not exploitable.
