The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.
El ciclo de vida de IPC Actors, permite a actores administrados sobrevivir a sus actores administradores; y los primeros deben asegurarse de que no están intentando usar a un actor eliminado al que presentan en una referencia. Esta comprobación se omitió en WebGL, resultando en un uso de la memoria previamente liberada y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox versiones anteriores a 84
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, or execute arbitrary code. Various other issues were also addressed.
