Use-after-free in nsHTMLSelectElement
- June 18, 2012
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 9
- SeaMonkey 2.6
- Thunderbird 9
Security researcher regenrecht reported a flaw that affected Firefox versions 4 through 8 via TippingPoint's Zero Day Initiative. This flaw is a use-after-free in nsHTMLSelectElement when the parent node of the element is no longer active and could allow for possible remote code execution.
Firefox 3.6 is not affected by this vulnerability.