Use-after-free in IndexedDB

2015-02-24T00:00:00
ID MFSA2015-16
Type mozilla
Reporter Mozilla Foundation
Modified 2015-02-24T00:00:00

Description

Security researcher Paul Bandha used the used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.