Calling scope for new Javascript objects can lead to memory corruption
Description
Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash.
Affected Applications
Thunderbird
Thunderbird ESR