Mozilla Foundation Security Advisory 2015-05

Read of uninitialized memory in Web Audio

Announced
January 13, 2015
Reporter
Holger Fuhrmannek
Impact
Moderate
Products
Firefox, Firefox OS, SeaMonkey
Fixed in
  • Firefox 35
  • Firefox OS 2.2
  • SeaMonkey 2.32

Description

Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover a crash in Web Audio while manipulating timelines. This allowed for the a small block of memory with an uninitialized pointer to be read. The crash it not exploitable.

References