Endpoint Vulnerability

Use-after-free when using alt key and toplevel menus

Description

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team reported a use-after-free vulnerability when the alt key is used in conjunction with toplevel menu items in Firefox. This results in a potentially exploitable crash when triggered. This vulnerability is mitigated by not being triggerable by web content, only direct user interaction with the keyboard.

Affected Products

Firefox,Firefox ESR

References

CVE-2016-5254,