Mozilla Foundation Security Advisory 2008-49
Arbitrary code execution via Flash Player dynamic module unloading
- Announced: November 12, 2008
- Reporter: TippingPoint ZDI
- Impact: Critical
- Products: Firefox, SeaMonkey
- Fixed in: Firefox 2.0.0.18, SeaMonkey 1.1.13
Description
An anonymous security researcher reported via TippingPoint's Zero Day Initiative that insufficient checks were being performed to test whether the Flash module was properly dynamically unloaded. The researcher demonstrated that a SWF file which dynamically unloads itself from an outside JavaScript function can cause the browser to access a memory address no longer mapped to the Flash module, resulting in a crash. This crash could be used by an attacker to run arbitrary code on a victim's computer.
Firefox 3 is not affected by this issue.
Workaround
Disable JavaScript until a version containing these fixes can be installed.