Mozilla Foundation Security Advisory 2015-90

Vulnerabilities found through code inspection

Announced
August 11, 2015
Reporter
Ronald Crane
Impact
High
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird
Fixed in
  • Firefox 40
  • Firefox ESR 38.2
  • Firefox OS 2.2
  • Firefox OS 2.5
  • SeaMonkey 2.35
  • Thunderbird 38.2

Description

Security researcher Ronald Crane reported three vulnerabilities affecting released code that were found through code inspection. These included one use of unowned memory, one use of a deleted object, and one memory safety bug. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.

References