"Title: Re-use of freed object due to scope confusion
Announced: April 1, 2010
Reporter: Nils (MWR InfoSecurity)
Fixed in: Firefox 3.6.3
A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.
Note: The contest winning exploit only affects Firefox 3.6 and not earlier versions. We will be patching Firefox 3.5 in an upcoming release just in case there is an alternate way of triggering the bug."
Clubhouse Tags: Clubhouse, Security, Vulnerabilities, Updates, Information
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...