Mozilla Foundation Security Advisory 2013-29

Use-after-free in HTML Editor

Announced: March 7, 2013
Reporter: VUPEN Security
Impact: Critical
Products: Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in:
  • Firefox 19.0.2
  • Firefox ESR 17.0.4
  • SeaMonkey 2.16.1
  • Thunderbird 17.0.4
  • Thunderbird ESR 17.0.4

Description

VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution.
