Mozilla Foundation Security Advisory 2015-62

Out-of-bound read while computing an oscillator rendering range in Web Audio

Announced
July 2, 2015
Reporter
Holger Fuhrmannek
Impact
Moderate
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey
Fixed in
  • Firefox 39
  • Firefox ESR 38.1
  • Firefox OS 2.2
  • SeaMonkey 2.35

Description

Security researcher Holger Fuhrmannek used the Address Sanitizer tool to discover an out-of-bound read while computing an oscillator rendering range in Web Audio. This could allow an attacker to infer the contents of four bytes of memory.

References