Endpoint Vulnerability

Use-after-free in DirectWrite font handling

Description

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash.

Affected Products

Thunderbird

References

CVE-2014-1551,