Mozilla Foundation Security Advisory 2013-109

Use-after-free during Table Editing

Announced
December 10, 2013
Reporter
Nils
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 26
  • Firefox ESR 24.2
  • SeaMonkey 2.23
  • Thunderbird 24.2

Description

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash.

References