Mozilla Foundation Security Advisory 2011-04

Buffer overflow in JavaScript upvarMap

Announced
March 1, 2011
Reporter
Christian Holler
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.5.17
  • Firefox 3.6.14
  • SeaMonkey 2.0.12

Description

Security researcher Christian Holler reported that the JavaScript engine's internal memory mapping of non-local JS variables contained a buffer overflow which could potentially be used by an attacker to run arbitrary code on a victim's computer.

References