Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Thunderbird | Mozilla | * | 31.4 (including) |
| Thunderbird | Mozilla | 31.0 (including) | 31.0 (including) |
| Thunderbird | Mozilla | 31.1.2 (including) | 31.1.2 (including) |
| Thunderbird | Mozilla | 31.2 (including) | 31.2 (including) |
| Thunderbird | Mozilla | 31.3 (including) | 31.3 (including) |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:31.5.0-1.el5_11 | * |
| Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:31.5.0-1.el5_11 | * |
| Red Hat Enterprise Linux 6 | RedHat | firefox-0:31.5.0-1.el6_6 | * |
| Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:31.5.0-1.el6_6 | * |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:31.5.0-2.el7_0 | * |
| Red Hat Enterprise Linux 7 | RedHat | xulrunner-0:31.5.0-1.el7_0 | * |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:31.5.0-2.ael7b_1 | * |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:31.5.0-2.ael7b_1 | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | lucid | * |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | utopic | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | lucid | * |
| Thunderbird | Ubuntu | precise | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | utopic | * |