Use-after-free with SMIL Animation Controller
- June 10, 2014
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
- Firefox 30
- Firefox ESR 24.6
- SeaMonkey 2.26.1
- Thunderbird 24.6
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonky products because scripting is disabled, but is potentially a risk in browser or browser-like contexts.