Mozilla Firefox onreadystatechange Event Use After Free

Added: 08/22/2013
CVE: CVE-2013-1690
BID: 60778
OSVDB: 94584

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

A use-after-free vulnerability is triggered when onreadystatechange events are handled at the same time as Event or Page reloads. A remote attacker who persuades a user to open a specially crafted page could potentially execute arbitrary code in the context of the vulnerable user.

Resolution

Upgrade to Firefox 22.0 or newer.

References

http://www.mozilla.org/security/announce/2013/mfsa2013-53.html

Limitations

This exploit was tested against Mozilla Firefox 17.0.1 and 21.0 on Windows XP SP3 English (DEP OptIn).

The user must load the exploit page in a vulnerable version of Firefox.

Platforms

Windows
