Mozilla Foundation Security Advisory 2016-79

Use-after-free when applying SVG effects

Announced
August 2, 2016
Reporter
Nils
Impact
High
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 48
  • Firefox ESR 45.3

Description

Security researcher Nils used the Address Sanitizer tool to discover a use-after-free vulnerability when applying effects to SVG elements. This results in a potentially exploitable crash.

References