Mozilla Foundation Security Advisory 2014-11

Crash when using web workers with asm.js

Announced
February 4, 2014
Reporter
Soeren Balko
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey
Fixed in
  • Firefox 27
  • Firefox ESR 24.4
  • SeaMonkey 2.24

Description

Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable.

In general this flaw cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled in mail, but it is potentially a risk in browser or browser-like contexts.
