Use-after-free during XML transformations (MFSA-2016-27)

Disclosed: 2017-10-21 16:44:58 By agarri_fr To torproject

Unknown

Vulnerability Details

Hello, I'm not sure how to understand the rules regarding "Bonus over Base Bounty/Mozilla Bounty for code execution exploits". Are vulnerabilities affecting Firefox ESR 38.7 covered by this section? If yes, you may be interested by MFSA 2016-27 aka CVE-2016-1964: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/ Live PoC at http://nicob.net/firefox-aeshooT3/Bug-2/AtomicBaseIncDec-write_av_at_null.xml

Actions

View on HackerOne

Report Stats

Report ID: 126797
State: Closed
Substate: informative
Upvotes: 10

Use-after-free during XML transformations (MFSA-2016-27)

Vulnerability Details

Actions

Report Stats

Share this report