Mozilla Foundation Security Advisory 2011-20

Use-after-free vulnerability when viewing XUL document with script disabled

Announced
June 21, 2011
Reporter
Martin Barbella
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.6.18
  • Firefox 5
  • SeaMonkey 2.2
  • Thunderbird 3.1.11

Description

Security researcher Martin Barbella reported that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. This flaw could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer.

XUL document support was disabled by default in Firefox 4 and SeaMonkey 2.1 and users of those versions are not generally at risk. It is possible for add-ons to re-enable the feature for specific sites (for example, to support a legacy intranet XUL application) which would have introduced this vulnerability while browsing those sites.

References