Mozilla Firefox CVE-2016-5259 Use After Free Vulnerability
Description
Security researcher Looben Yang discovered a use-after-free vulnerability when working with nested sync event loops in Service Workers. He discovered a mechanism where scripts can close their own worker, which will then trigger a synchronization XMLHttpRequest on this now closed and released worker. This results in a potentially exploitable crash when triggered.
Affected Applications
Firefox
Firefox ESR