Security researcher lokihardt, working with HP's Zero Day Initiative,
reported a use-after-free issue in the SetBody
function of
HTMLDocument
. This results in a potentially exploitable crash.
In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.