Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
AV:N/AC:L/Au:N/C:C/I:C/A:CMozilla Firefox
APPMozilla17.017.0.117.0.217.0.317.0.417.0.517.0.619.019.0.119.0.220.020.0.1≤ 21.0Mozilla Thunderbird
APPMozilla17.017.0.117.0.217.0.317.0.417.0.5≤ 17.0.6Mozilla Thunderbird Esr
APPMozilla17.017.0.117.0.217.0.317.0.417.0.517.0.6
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...