Internet threat level: 1
Home→Descriptions→SA48008
Mozilla Firefox / Thunderbird / SeaMonkey XBL Binding Use-After-Free Vulnerability
| Secunia ID | |
| CVE-ID | |
| Release Date |
13 Feb 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Mozilla Firefox 10.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
A vulnerability has been reported in multiple Mozilla products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error in the "nsXBLDocumentInfo::ReadPrototypeBindings()" method when handling XBL bindings in a hash table and can be exploited to cause a cycle collector to call an invalid virtual function. Successful exploitation may allow execution of arbitrary code. |
| Solution |
Update Firefox and Thunderbird to version 10.0.1 and SeaMonkey to version 2.7.1 |
| Reported by |
The vendor credits Andrew McCreight and Olli Pettay, Mozilla developers. |
| Original Advisory |
http://www.mozilla.org/security/announce/2012/mfsa2012-10.html |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.