Endpoint Vulnerability

Use-after-free when resizing canvas element during restyling


Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references have been recreated in the meantime, destroying the originally referenced context. This results in an exploitable crash.

Affected Products

Firefox,Firefox ESR