Endpoint Vulnerability

Use-after-free in HTML Editor

Description

VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution.

Affected Products

Firefox,Firefox ESR

References

CVE-2013-0787,