Mozilla Foundation Security Advisory 2015-81

Use-after-free in MediaStream playback

Announced
August 11, 2015
Reporter
SkyLined
Impact
Critical
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey
Fixed in
  • Firefox 40
  • Firefox ESR 38.7
  • Firefox OS 2.5
  • SeaMonkey 2.38

Description

Security researcher SkyLined reported a use-after-free issue in how audio is handled through the Web Audio API during MediaStream playback through interactions with the Web Audio API. This results in a potentially exploitable crash.

References