Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2011-20

Use-after-free vulnerability when viewing XUL document with script disabled

June 21, 2011
Martin Barbella
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.6.18
  • Firefox 5
  • SeaMonkey 2.2
  • Thunderbird 3.1.11


Security researcher Martin Barbella reported that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. This flaw could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer.

XUL document support was disabled by default in Firefox 4 and SeaMonkey 2.1 and users of those versions are not generally at risk. It is possible for add-ons to re-enable the feature for specific sites (for example, to support a legacy intranet XUL application) which would have introduced this vulnerability while browsing those sites.