Headline
CVE-2015-2713: Use-after-free during text processing with vertical text enabled
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
Mozilla Foundation Security Advisory 2015-51
Announced
May 12, 2015
Reporter
Scott Bell
Impact
Critical
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird
Fixed in
- Firefox 38
- Firefox ESR 31.7
- Firefox OS 2.2
- SeaMonkey 2.35
- Thunderbird 31.7
- Thunderbird 38.0.1
Description
Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free error during the processing of text when vertical text is enabled. This leads to a potentially exploitable crash.
References
- heap-use-after-free in SetBreaks (CVE-2015-2713)