A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash.

https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/