Use-after-free and buffer overflow in Service Workers
- April 26, 2016
- Looben Yang
- Fixed in: Firefox 46
Security researcher Looben Yang reported two issues in Service Workers, discovered using Address Sanitizer.
The first of these is a use-after-free vulnerability caused by a
ServiceWorkerInfo object being kept active beyond the life of its owning
registration. When it is later called through this registration, a use-after-free results.
In the second issue, a race condition leading to a buffer overflow was found in the
ServiceWorkerManager. This leads to a potentially exploitable crash when