Mozilla Foundation Security Advisory 2007-08

onUnload + document.write() memory corruption

Announced: February 25, 2007
Reporter: Michal Zalewski
Impact: Critical
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 1.5.0.10
  • Firefox 2.0.0.2
  • SeaMonkey 1.0.8

Description

Michal Zalewski reported a memory corruption vulnerability in Firefox 2.0.0.1 that involves combining the onUnload event handler with self-modifying document.write() calls. This flaw was introduced in Firefox 2.0.0.1 and 1.5.0.9 and does not affect earlier versions; it is fixed in Firefox 2.0.0.2 and 1.5.0.10.

Workaround

Disable JavaScript until a fixed version can be installed.

References