Mozilla Firefox/SeaMonkey 'nsTreeRange' Dangling Pointer Remote Code Execution Vulnerability

Mozilla Firefox and SeaMonkey are prone to a remote code-execution vulnerability because of a dangling-pointer issue.

An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is fixed in:

Firefox 3.6.17
Firefox 3.5.19
SeaMonkey 2.0.14

NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.


 

Privacy Statement
Copyright 2010, SecurityFocus