Endpoint Vulnerability

Use-after-free in WebRTC when datachannel is used after being destroyed


Security researcher Looben Yang reported a use-after-free error in WebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still believe is has a datachannel open after another WebRTC function has closed it. This results in attempts to use the now destroyed datachannel, leading to a potentially exploitable crash.

Affected Products

Firefox ESR