Public exploit · Metasploit Module
Mozilla Firefox Array.reduceRight() Integer Overflow
Exploit summary
This module exploits a vulnerability in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution.
Source & references