Mozilla Foundation Security Advisory 2014-51

Use-after-free in Event Listener Manager

Announced
June 10, 2014
Reporter
Tyson Smith, Jesse Schwartzentruber
Impact
Critical
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 30
  • SeaMonkey 2.26.1

Description

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable crash. This issue was introduced in Firefox 29 and does not affect earlier versions.

References