Mozilla Foundation Security Advisory 2015-51

Use-after-free during text processing with vertical text enabled

Announced
May 12, 2015
Reporter
Scott Bell
Impact
Critical
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird
Fixed in
  • Firefox 38
  • Firefox ESR 31.7
  • Firefox OS 2.2
  • SeaMonkey 2.35
  • Thunderbird 31.7
  • Thunderbird 38.0.1

Description

Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free error during the processing of text when vertical text is enabled. This leads to a potentially exploitable crash.

References