Mozilla Foundation Security Advisory 2010-73

Heap buffer overflow mixing document.write and DOM insertion

Announced
October 27, 2010
Reporter
Morten Kråkvik
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.5.15
  • Firefox 3.6.12
  • SeaMonkey 2.0.10
  • Thunderbird 3.0.10
  • Thunderbird 3.1.6

Description

Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.

Reading mail in Thunderbird does not pose a risk to users, however the vulnerability is present and could be triggered in RSS feeds if JavaScript is enabled or by an add-on that enables browser-like functionality.

References