Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox‘HTMLSourceElement::BindToTree’函数权限许可和访问控制漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Mozilla Firefox 36.0.4及之前版本的‘HTMLSourceElement::BindToTree’函数存在安全漏洞,该漏洞源于程序执行tree-binding操作时,忽略命名空间验证后没有正确限制数据类型。远程攻击者可借助带有SOURCE元素的特制的HTML文档利用该漏洞执行任意代码,或造成拒绝服务(释放后重用)。
CVSS Information
N/A
Vulnerability Type
N/A