Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Freed object reuse across plugin instances

Related Vulnerabilities: CVE-2010-1198  

Source

Mozilla Foundation Security Advisory 2010-28

Freed object reuse across plugin instances

Announced
June 22, 2010
Reporter
Microsoft Vulnerability Research
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.5.10
  • Firefox 3.6.4
  • SeaMonkey 2.0.5

Description

Microsoft Vulnerability Research reported that two plugin instances could interact in a way in which one plugin gets a reference to an object owned by a second plugin and continues to hold that reference after the second plugin is unloaded and its object is destroyed. In these cases, the first plugin would contain a pointer to freed memory which, if accessed, could be used by an attacker to execute arbitrary code on a victim's computer.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started