Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2009-54

Crash with recursive web-worker calls

Announced
October 27, 2009
Reporter
Orlando Berrera
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 3.5.4

Description

Security researcher Orlando Berrera of Sec Theory reported that recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim's computer.

Web Workers were introduced in Firefox 3.5 so this vulnerability did not affect earlier releases such as Firefox 3.

References