Soeren Balko reported a crash when
terminating a web worker running asm.js
code after passing an
object between threads. This crash is potentially exploitable.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled in mail, but is potentially a risk in browser or browser-like contexts.