Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-5254

Source

Mozilla Foundation Security Advisory 2016-70

Use-after-free when using alt key and toplevel menus

Announced

August 2, 2016

Reporter

Abhishek Arya

Impact

Moderate

Products

Firefox, Firefox ESR

Fixed in

Firefox 48
Firefox ESR 45.3

Description

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported a use-after-free vulnerability when the alt key is used in conjunction with toplevel menu items in Firefox. This results in a potentially exploitable crash when triggered. This vulnerability is mitigated by not being triggerable by web content, only direct user interaction with the keyboard.

References

Heap-use-after-free in nsXULPopupManager::KeyDown (CVE-2016-5254)

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Use-after-free when using alt key and toplevel menus

Use-after-free when using alt key and toplevel menus

Description

References

Vulmon Search

About

Products

Connect