Use-after-free vulnerability in Mozilla Firefox and Thunderbird allows remote code execution

Use-after-free vulnerability in Mozilla Firefox and Thunderbird allows remote code execution

CVE-2015-2731 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.