Mozilla Foundation Security Advisory 2012-12

Use-after-free in shlwapi.dll

Announced
March 13, 2012
Reporter
Blair Strang, Scott Bell
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 11
  • Firefox ESR 10.0.3
  • SeaMonkey 2.8
  • Thunderbird 11
  • Thunderbird ESR 10.0.3

Description

Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable.

Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.

References