• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-37

Mozilla Foundation Security Advisory 2011-37

Title: Integer underflow when using JavaScript RegExp
Impact: Critical
Announced: September 27, 2011
Reporter: Mark Kaplan
Products: Firefox 3.6

Fixed in: Firefox 3.6.23

Description

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem.

The Regular Expression engine was replaced in Firefox 4 and the newer engine does not suffer from this bug.

References

• Crash in SpiderMonkey v.1.9.2 during regular expression evaluation
• CVE-2011-2998