Endpoint Vulnerability

Use-after-free in Content Policy due to microtask execution error

Description

Security researcher Herre reported a use-after-free vulnerability that occurs when a Content Policy modifies the Document Object Model to remove a DOM object, and that object is then used afterwards because of an error in the microtask implementation. This leads to an exploitable crash.

Affected Products

Thunderbird

References

CVE-2015-2731