Firefox onreadystatechange Use-after-free Vulnerability
Firefox supports various DOM events, which may occur when changes to the structure or contents of the document are made or when user actions are detected. Some of the events supported by the browser are character input and clipboard events; load, unload and state events; form events; mouse events and scrolling; move and drag events; resize events; activation and focus events and selection events.
A use-after-free vulnerability exists in Mozilla Firefox. Mozilla Firefox before 22.0 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
Dell SonicWALL Threat team has researched this vulnerability and released the following IPS signatures to address the issue:
- 4169 Mozilla Firefox onreadystatechange use after free Attack
- 6207 HTTP Client Shellcode Exploit 42a
This vulnerability is referred by CVE as CVE-2013-1690.