Red Hat Bugzilla – Bug 1291585
CVE-2015-7210 Mozilla: Use-after-free in WebRTC when datachannel is used after being destroyed (MFSA 2015-138)
Last modified: 2016-01-05 05:00:24 EST
Security researcher Looben Yang reported a use-after-free error in WebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still believe is has a datachannel open after another WebRTC function has closed it. This results in attempts to use the now destroyed datachannel, leading to a potentially exploitable crash.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
Via RHSA-2015:2657 https://rhn.redhat.com/errata/RHSA-2015-2657.html