Mozilla Firefox nsTreeRange Use After FreeAdded: 07/27/2011
BackgroundFirefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
ProblemMozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously freed memory.
ResolutionFor Firefox 3.6, upgrade to version 3.6.17 or later. For Firefox 3.5, upgrade to 3.5.19 or later. For SeaMonkey, upgrade to 2.0.14 or later.
LimitationsThis exploit has been tested against Mozilla Foundation Firefox 3.6.16 running on Microsoft Windows XP SP3 English (DEP OptIn) with KB959426 updated and "kernel32.dll" version 5.1.2600.5781.
Back to exploit index