Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover a series of
use-after-free, out of bounds read, and invalid write problems rated as moderate
to critical as security issues in shipped software. Some of these issues are
potentially exploitable, allowing for remote code execution. We would also like
to thank Abhishek for reporting additional use-after-free flaws in
dir=auto
code introduced during Firefox development. These were
fixed before general release.