|Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before
3.6.2, and SeaMonkey before 2.0.4, frees the contents of the
window.navigator.plugins array while a reference to an array element
is still active, which allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via unspecified
vectors, related to a "dangling pointer vulnerability."