Use-after-free with imgRequestProxy and image proccessing
- February 4, 2014
- Arthur Gerkis
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
- Firefox 27
- Firefox ESR 24.3
- SeaMonkey 2.24
- Thunderbird 24.3
Security researcher Arthur Gerkis, via TippingPoint's Zero
Day Initiative, reported a use-after-free during image processing from sites
with specific content types in concert with the
function. This causes a potentially exploitable crash.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.