Endpoint Vulnerability

NativeKey continues handling key messages after widget is destroyed

Description

Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a non-exploitable crash.

Affected Products

Thunderbird

References

CVE-2013-1723,