Mozilla Foundation Security Advisory 2016-26

Memory corruption when modifying a file being read by FileReader

Announced
March 8, 2016
Reporter
Oriol
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 45

Description

Security researcher Oriol reported memory corruption when local files are modified (by either the user or another program) at the same time being read using the FileReader API. This flaw requires that input be taken from a local file in order to be triggered and cannot be triggered by web content. This results in a potentially exploitable crash when triggered.

References