Security researcher Paul Bandha used the used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2015-16 Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Bandha as the original reporter.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 7 Via RHSA-2015:0265 https://rhn.redhat.com/errata/RHSA-2015-0265.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2015:0266 https://rhn.redhat.com/errata/RHSA-2015-0266.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 for PPC64 LE Via RHSA-2015:0629 https://access.redhat.com/errata/RHSA-2015:0629
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0642 https://rhn.redhat.com/errata/RHSA-2015-0642.html