Use-after-free vulnerability in the nsRefreshDriver::Tick...
Critical severity
Unreviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Oct 21, 2024
Description
Published by the National Vulnerability Database
Sep 22, 2016
Published to the GitHub Advisory Database
May 14, 2022
Last updated
Oct 21, 2024
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
References