Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 85.0 (excluding) |
Firefox_esr | Mozilla | * | 78.7 (excluding) |
Thunderbird | Mozilla | * | 78.7 (excluding) |