Endpoint Vulnerability

Writing to cycle collected object during image decoding

Description

Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition.

Affected Products

Firefox,Firefox ESR

References

CVE-2013-5596,