Mozilla Foundation Security Advisory 2017-14

Use after free in ANGLE

Announced
May 5, 2017
Impact
high
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 53.0.2
  • Firefox ESR 52.1.1

#CVE-2017-5031: Use after free in ANGLE

Reporter
Bob Clary, Looben Yang
Impact
high
Description

A use-after-free can occur during Buffer11 API calls within the ANGLE graphics library, used for WebGL content. This can lead to a potentially exploitable crash.
Note: This issue is in libGLES, which is only in use on Windows. Other operating systems are not affected.

References