Mozilla Foundation Security Advisory 2015-23

Use-after-free in Developer Console date with OpenType Sanitiser

Announced
February 24, 2015
Reporter
Atte Kettunen
Impact
Low
Products
Firefox
Fixed in
  • Firefox 36

Description

Using the Address Sanitizer tool, security researcher Atte Kettunen found a problem with OpenType Sanitiser (OTS) that resulted in a use-after-free while expanding macros in some circumstances. This use-after-free was only used for information displayed in the developer console and was not exploitable.

References