|
|
|
|
| |
Credit:
The information has been provided by regenrecht.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-265/
|
| |
Vulnerable Systems:
* Mozilla Firefox 3.6.x
The specific flaw exists within Firefox's management of the JSSLOT_ARRAY_COUNT annotation. This value represents the number of items filled within a given Array object. If an attacker creates an array to a high enough value, an initialization routine can be made to mis-allocate a buffer. This can be abused by an attacker to corrupt memory and subsequently execute arbitrary code under the context of the user running the browser.
Patch Availability:
Mozilla Firefox has issued an update to correct this vulnerability. More details can be found at:
http://www.mozilla.org/security/announce/2010/mfsa2010-81.html
CVE Information:
CVE-2010-3767
Disclosure Timeline:
2010-09-24 - Vulnerability reported to vendor
2010-12-09 - Coordinated public release of advisory
|
|
|
|
|
