Mozilla Foundation Security Advisory 2015-97

Memory leak in mozTCPSocket to servers

Announced
September 22, 2015
Reporter
David Chan
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 41
  • SeaMonkey 2.38

Description

Security researcher David Chan reported that Mozilla's mozTCPSocket implementation could leak data past the end of an array, allowing for the potential exposure of memory or private data to malicious servers.

This feature is used by Firefox OS and is disabled by default in Firefox on other operating systems.

References