Mozilla Foundation Security Advisory 2015-145

Underflow through code inspection

Announced: December 15, 2015
Reporter: Ronald Crane
Impact: High
Products: Firefox, Firefox ESR, Firefox OS, Thunderbird
Fixed in:
  • Firefox 43
  • Firefox ESR 38.5
  • Firefox OS 2.5
  • Thunderbird 38.5

Description

Security researcher Ronald Crane reported an underflow found through code inspection. This does not have a clear mechanism to be exploited through web content, but the code could be vulnerable if a means can be found to trigger it.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.
