Use-after-free in synthetic mouse movement

description-logoDescription

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also reported a variant of the same flaw. This issue leads to a potentially exploitable crash.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2013-5613