firefox: arbitrary code execution

ID ASA-201504-24
Type archlinux
Reporter Arch Linux
Modified 2015-04-22T00:00:00


Mozilla developer Robert Kaiser reported that a specially crafted HTML, when loaded by the target user, will trigger a use-after-free race condition when a plugin fails to initialize, which may lead to a memory corruption error in AsyncPaintWaitEvent::AsyncPaintWaitEvent() and arbitrary code execution on the target system.