Mozilla Foundation Security Advisory 2014-46

Use-after-free in nsHostResolver

Announced
April 29, 2014
Reporter
Tyson Smith, Jesse Schwartzentruber
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 29
  • Firefox ESR 24.5
  • SeaMonkey 2.26
  • Thunderbird 24.5

Description

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash.

References