Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox prior to 39.0, Firefox ESR 38.x prior to 38.1, and Thunderbird prior to 38.1 allows remote malicious users to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla thunderbird |
||
oracle solaris 11.3 |
||
mozilla firefox esr 31.5.2 |
||
mozilla firefox esr 31.5.1 |
||
mozilla firefox esr 31.1 |
||
mozilla firefox esr 31.0 |
||
mozilla firefox esr 38.0 |
||
mozilla firefox esr 31.7.0 |
||
mozilla firefox esr 31.3.0 |
||
mozilla firefox esr 31.3 |
||
mozilla firefox esr 31.2 |
||
mozilla firefox esr 31.5 |
||
mozilla firefox esr 31.4 |
||
mozilla firefox esr 31.6.0 |
||
mozilla firefox esr 31.5.3 |
||
mozilla firefox esr 31.1.1 |
||
mozilla firefox esr 31.1.0 |