Mozilla Foundation Security Advisory 2011-57

Crash when plugin removes itself on Mac OS X

Announced

December 20, 2011

Reporter

Richard Bateman

Impact

High

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 9
SeaMonkey 2.6
Thunderbird 9

Description

FireBreath developer Richard Bateman reported a crash on Mac OS X that occurred when a plugin deletes its containing DOM frame during a call from that frame. The observed symptom is a null dereference but we cannot rule out the possibility that content from a scriptable plugin such as Flash could find a way to dereference a more useful address and exploit it.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=649079
CVE-2011-3664

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2011-57

Crash when plugin removes itself on Mac OS X

Description

References