Use-after-free during HTML5 parsing

2014-12-02T00:00:00
ID MFSA2014-87
Type mozilla
Reporter Mozilla Foundation
Modified 2014-12-02T00:00:00

Description

Security researcher SkyLined reported a use-after-free that is triggered when a second root element is created while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but it is potentially a risk in browser or browser-like contexts.