Mozilla Foundation Security Advisory 2016-70

Use-after-free when using alt key and toplevel menus

Announced
August 2, 2016
Reporter
Abhishek Arya
Impact
Moderate
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 48
  • Firefox ESR 45.3

Description

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported a use-after-free vulnerability when the alt key is used in conjunction with toplevel menu items in Firefox. This results in a potentially exploitable crash when triggered. This vulnerability is mitigated by not being triggerable by web content, only direct user interaction with the keyboard.

References