The Mozilla Foundation Security Advisory describes this flaw as: When interacting with an HTML input element’s file picker dialog with webkitdirectory
set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash.