Mozilla Firefox 3.6.x prior to 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote malicious users to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
Vulnerable Product |
---|
mozilla firefox 3.6.1 |
mozilla firefox 3.6.2 |
mozilla firefox 3.6 |