Use-after-free vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to cause denial of service or execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call.

Use-after-free vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to cause denial of service or execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call.

CVE-2012-0452 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.

Learn more about our Cis Benchmark Audit For Bind.