CVE-2016-5280: Mozilla: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap (MFSA 2016-85, MFSA 2016-86)

Severity: Critical

CVSS Score: 9.8

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.