Mozilla Foundation Security Advisory 2012-79
DOS and crash with full screen and history navigation
- Announced
- October 9, 2012
- Reporter
- Soroush Dalili
- Impact
- Critical
- Products
- Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
- Fixed in
-
- Firefox 16
- Firefox ESR 10.0.8
- SeaMonkey 2.13
- Thunderbird 16
- Thunderbird ESR 10.0.8
Description
Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable.
In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.