Mozilla Foundation Security Advisory 2015-106

Use-after-free while manipulating HTML media content

Announced
September 22, 2015
Reporter
Anonymous
Impact
Critical
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird
Fixed in
  • Firefox 41
  • Firefox ESR 38.3
  • Firefox OS 2.5
  • SeaMonkey 2.38
  • Thunderbird 38.3

Description

An anonymous researcher reported, via HP's Zero Day Initiative, a use-after-free vulnerability with HTML media elements on a page during script manipulation of the URI table of these elements. This results in a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References