Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Published: 2020-04-04
Researchers report multiple zero-day vulnerabilities in Mozilla Firefox and note that other browsers are also affected.
https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective
https://www.mozilla.org/security/advisories/mfsa2020-14/
https://www.mozilla.org/security/advisories/mfsa2020-11/