Endpoint Vulnerability

Use-after-free when displaying table with many columns and column groups


Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash.

Affected Products

Firefox,Firefox ESR