Mozilla Foundation Security Advisory 2015-85

Out-of-bounds write with Updater and malicious MAR file

Announced
August 11, 2015
Reporter
Holger Fuhrmannek
Impact
High
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird
Fixed in
  • Firefox 40
  • Firefox ESR 38.2
  • Firefox OS 2.5
  • SeaMonkey 2.35
  • Thunderbird 38.2

Description

Security researcher Holger Fuhrmannek reported that if the Updater opens a MAR format file with a specially crafted name, an out-of-bounds write will occur. This can lead to a potentially exploitable crash but requires that the malicious MAR format file be present on the local system and the Updater to be run to use it.

References