Description
Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2012/mfsa2012-41.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=739343
Scores
EPSS
0.0185
EPSS Percentile
76.7%
Details
CWE
CWE-399
Status
published
Products (30)
mozilla/firefox
4.0 (13 CPE variants)
mozilla/firefox
4.0.1
mozilla/firefox
5.0
mozilla/firefox
5.0.1
mozilla/firefox
6.0
mozilla/firefox
6.0.1
mozilla/firefox
6.0.2
mozilla/firefox
7.0
mozilla/firefox
7.0.1
mozilla/firefox
8.0
... and 20 more
Published
Jun 18, 2012
Tracked Since
Feb 18, 2026