Mozilla Foundation Security Advisory 2014-08

Use-after-free with imgRequestProxy and image proccessing

Announced
February 4, 2014
Reporter
Arthur Gerkis
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 27
  • Firefox ESR 24.3
  • SeaMonkey 2.24
  • Thunderbird 24.3

Description

Security researcher Arthur Gerkis, via TippingPoint's Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.

References