Mozilla Foundation Security Advisory 2016-51

Use-after-free deleting tables from a contenteditable document

Announced

June 7, 2016

Reporter

firehack

Impact

High

Products

Firefox, Firefox ESR

Fixed in

Firefox 47
Firefox ESR 45.2

Description

Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash.

References

Heap-use-after-free mozilla::dom::Element (CVE-2016-2821)

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising