Mozilla Foundation Security Advisory 2015-53

Use-after-free due to Media Decoder Thread creation during shutdown

Announced
May 12, 2015
Reporter
Tyson Smith, Jesse Schwartzentruber
Impact
Moderate
Products
Firefox, Firefox OS, SeaMonkey
Fixed in
  • Firefox 38
  • Firefox OS 2.2
  • SeaMonkey 2.35

Description

Security researchers Tyson Smith and Jesse Schwartzentruber reported a use-after-free during the shutdown process. It was caused by a race condition that occurs in some circumstances when media decoder threads are created during shutdown. When triggered, this leads to a potentially exploitable crash.
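The bug class described above, shown as a generic mitigation pattern. This is an added example, not Mozilla's code or the actual fix: a hypothetical decoder pool (all names, `MAX_WORKERS` and the `frames` counter are assumptions) in which thread creation is refused once shutdown has begun, and shared heap state is freed only after every registered worker has been joined.

```c
#include <pthread.h>
#include <stdlib.h>
enum { MAX_WORKERS = 8 };

/* Hypothetical decoder pool; every name here is illustrative, not Mozilla's. */
typedef struct {
    pthread_mutex_t lock;
    int shutting_down;              /* set once, under lock, by pool_shutdown */
    pthread_t workers[MAX_WORKERS];
    int nworkers;
    int *frames;                    /* heap state every worker dereferences */
} decoder_pool;

static void *decode_worker(void *arg) {
    decoder_pool *p = arg;
    pthread_mutex_lock(&p->lock);
    (*p->frames)++;                 /* a use-after-free if freed before join */
    pthread_mutex_unlock(&p->lock);
    return NULL;
}

decoder_pool *pool_new(void) {
    decoder_pool *p = calloc(1, sizeof *p);
    if (p) p->frames = calloc(1, sizeof *p->frames);
    if (!p || !p->frames) { free(p); return NULL; }
    pthread_mutex_init(&p->lock, NULL);
    return p;
}

/* Gate check and worker registration share one critical section, so shutdown
   either sees the worker and joins it, or the worker is never created. */
int pool_spawn(decoder_pool *p) {
    pthread_mutex_lock(&p->lock);
    int ok = !p->shutting_down && p->nworkers < MAX_WORKERS &&
             pthread_create(&p->workers[p->nworkers], NULL, decode_worker, p) == 0;
    if (ok) p->nworkers++;
    pthread_mutex_unlock(&p->lock);
    return ok ? 0 : -1;
}

int pool_shutdown(decoder_pool *p) {
    pthread_mutex_lock(&p->lock);
    p->shutting_down = 1;           /* close the gate: nworkers is now final */
    pthread_mutex_unlock(&p->lock);
    for (int i = 0; i < p->nworkers; i++) pthread_join(p->workers[i], NULL);
    int total = *p->frames;         /* all workers joined, safe to read */
    free(p->frames);                /* free only after every worker exited */
    p->frames = NULL;
    return total;                   /* frames counted before teardown */
}
```

The pool struct itself deliberately outlives `pool_shutdown`, so a late `pool_spawn` is refused instead of touching freed memory; its owner frees it once no caller can still reach it.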
