Mozilla Foundation Security Advisory 2013-114
Title: Use-after-free in synthetic mouse
Announced: December 10, 2013
Reporter: Tyson Smith, Jesse Schwartzentruber, Atte Kettunen
Products: Firefox, Thunderbird, Seamonkey
Fixed in: Firefox 26
Firefox ESR 24.2
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also reported a variant of the same flaw. This issue leads to a potentially exploitable crash.
In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts.