Use-after-free in Content Policy due to microtask execution error

2015-07-02T00:00:00
ID MFSA2015-63
Type mozilla
Reporter Mozilla Foundation
Modified 2015-07-02T00:00:00

Description

Security researcher Herre reported a use-after-free vulnerability when a Content Policy modifies the Document Object Model to remove a DOM object, which is then used afterwards due to an error in microtask implementation. This leads to an exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.