Endpoint Vulnerability

Use-after-free in event listeners

Description

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash.

Affected Products

Thunderbird

References

CVE-2013-5616,