The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.
The product does not correctly convert an object, resource, or structure from one type to a different type.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 47.0.1 |
Firefox_esr | Mozilla | 45.1.1 | 45.1.1 |
Firefox_esr | Mozilla | 45.1.0 | 45.1.0 |
Firefox_esr | Mozilla | 45.2.0 | 45.2.0 |
Firefox_esr | Mozilla | 45.3.0 | 45.3.0 |