Closed Bug 883605 Opened 6 years ago Closed 6 years ago
Mozilla firefox 21
.0 use after free
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0 (Beta/Release) Build ID: 20130511120803 Steps to reproduce: I created a test script in mozilla firefox Actual results: firefox get crashed and get a heap spray which is can be contoled yto exucute a code
This looks similar to bug 664009. The core of this seems to be reduceRight on an array.
Assignee: nobody → general
Product: Firefox → Core
This test case is pretty much identical to one you find when you google "firefox reduceRight exploit", in reference to CVE-2011-2371, so I'm going to assume this is a dupe...
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2011-2371
You need to log in before you can comment on or make changes to this bug.