A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 67.0 | |
firefox_esr | lt | 60.7 | |
thunderbird | lt | 60.7 |