Mozilla Foundation Security Advisory 2011-13

Multiple dangling pointer vulnerabilities

Announced

April 28, 2011

Reporter

regenrecht

Impact

Critical

Products

Firefox, SeaMonkey

Fixed in

• Firefox 3.5.19
• Firefox 3.6.17
• SeaMonkey 2.0.14

Description

Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative.

Firefox 4 was not affected by these issues.

References

• Use-after-free vulnerability in OBJECT's mChannel
• CVE-2011-0065

• Use-after-free vulnerability in OBJECT's mObserverList
• CVE-2011-0066

• nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
• CVE-2011-0073