Mozilla products are vulnerable to memory corruption via simultaneous XPCOM events. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
XPCOM events that occur simultaneously can trigger the use of a deleted timer object, which can cause memory corruption.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash.
This vulnerability was reported by the Mozilla Foundation, who in turn credit Secunia Research.
This document was written by Will Dormann.
|Date First Published:||2006-07-27|
|Date Last Updated:||2007-02-09 14:06 UTC|