Use-after-free during HTML5 parsing

ID MFSA2014-87
Type mozilla
Reporter Mozilla Foundation
Modified 2014-12-02T00:00:00


Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.