Memory corruption involving scrolling
- September 17, 2013
- Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
- Fixed in
- Firefox 24
- Firefox ESR 17.0.9
- SeaMonkey 2.21
- Thunderbird 24
- Thunderbird ESR 17.0.9
Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents.
In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.