HTTP: Mozilla Firefox nsTreeRange Use After Free Remote Code Execution

A use-after-free vulnerability exists in Mozilla Firefox. The vulnerability is due to a flaw in the code that handles user-defined functions of an nsTreeSelection element, which allows freeing an object and operating on it afterwards. A remote attacker could exploit this vulnerability by enticing a user to visit a malicious web page. A successful attack would result in execution of arbitrary code in the security context of the user running the browser. If the attack fails, the software may terminate abnormally.

Extended Description

Mozilla Firefox and SeaMonkey are prone to a remote code-execution vulnerability because of a dangling-pointer issue. An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue is fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.

Affected Products

Suse suse_linux_enterprise_desktop

Short Name
HTTP:STC:MOZILLA:FIREFOX-NSTREE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
After CVE-2011-0073 Code Execution Firefox Free Mozilla Remote Use bid:47663 nsTreeRange
Release Date
08/25/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Red_hat

Suse

Mozilla

Avaya

Slackware

Ubuntu

Mandriva

Debian

CVSS Score

10.0

Found a potential security threat?