Mozilla

Mozilla

Mozilla Foundation Security Advisory 2014-52

Use-after-free with SMIL Animation Controller

Announced
June 10, 2014
Reporter
Nils
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 30
  • Firefox ESR 24.6
  • SeaMonkey 2.26.1
  • Thunderbird 24.6

Description

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonky products because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References