Endpoint Vulnerability

Use-after-free during HTML5 parsing

Description

Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.

Affected Products

Firefox,Firefox ESR

References

CVE-2014-1592,