Mozilla Foundation Security Advisory 2016-27

Use-after-free during XML transformations

Announced: March 8, 2016
Reporter: Nicolas Grégoire
Impact: Critical
Products: Firefox, Firefox ESR, Thunderbird
Fixed in:
  • Firefox 45
  • Firefox ESR 38.7
  • Thunderbird 38.7
  • Thunderbird 45

Description

Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content.

In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but it is potentially a risk in browser or browser-like contexts.
