Mozilla Foundation Security Advisory 2015-65

Use-after-free in workers while using XMLHttpRequest

Announced
July 2, 2015
Reporter
Looben Yang
Impact
Critical
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey
Fixed in
  • Firefox 39
  • Firefox ESR 31.8
  • Firefox ESR 38.1
  • Firefox OS 2.2
  • SeaMonkey 2.35

Description

Security researcher Looben Yang used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These errors occur when the XMLHttpRequest object is attached to a worker but that object is incorrectly deleted while still in use. This results in exploitable crashes.

References