A security issue has been found in Firefox before 83.0 where, if the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash.
A security issue has been found in Firefox before 83.0 where, if the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26960 https://bugzilla.mozilla.org/show_bug.cgi?id=1670358