Mozilla Foundation Security Advisory 2015-50

Out-of-bounds read and write in asm.js validation

Announced: May 12, 2015
Reporter: Dougall Johnson
Impact: Critical
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 38
  • SeaMonkey 2.35

Description

Security researcher Dougall Johnson reported an out-of-bounds read and write in asm.js during JavaScript validation due to an error in how heap lengths are defined. This results in a potentially exploitable crash and could allow for the reading of random memory which may contain sensitive data.

References