openSUSE-SU-2012:0258-1 -- Suse MozillaFirefoxID: oval:org.secpod.oval:def:400393 | Date: (C)2012-12-31 (M)2021-09-12 |
Class: PATCH | Family: unix |
MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue. Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.h tml