Mozilla Firefox CVE-2016-5259 Use After Free Vulnerability

description-logoDescription

Security researcher Looben Yang discovered a use-after-free vulnerability when working with nested sync event loops in Service Workers. He discovered a mechanism where scripts can close their own worker, which will then trigger a synchronization XMLHttpRequest on this now closed and released worker. This results in a potentially exploitable crash when triggered.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2016-5259