Mozilla Foundation Security Advisory 2012-80

Crash with invalid cast when using instanceof operator

Announced
October 9, 2012
Reporter
Ms2ger
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 16
  • SeaMonkey 2.13
  • Thunderbird 16

Description

Mozilla community member Ms2ger reported a crash due to an invalid cast when using the instanceof operator on certain types of JavaScript objects. This can lead to a potentially exploitable crash.

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

References