Mozilla Foundation Security Advisory 2013-114

Use-after-free in synthetic mouse movement

Announced
December 10, 2013
Reporter
Tyson Smith, Jesse Schwartzentruber, Atte Kettunen
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 26
  • Firefox ESR 24.2
  • SeaMonkey 2.23
  • Thunderbird 24.2

Description

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also reported a variant of the same flaw. This issue leads to a potentially exploitable crash.

In general these flaws cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts.

References