Mozilla

Mozilla Foundation Security Advisory 2015-45

Memory corruption during failed plugin initialization

Announced
April 20, 2015
Reporter
Robert Kaiser
Impact
High
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 37.0.2
  • SeaMonkey 2.35

Description

Mozilla developer Robert Kaiser (Kairo) reported that a race condition when initialization of a plugin fails led to a potentially exploitable use-after-free vulnerability.

References