Mozilla Foundation Security Advisory 2016-42

Use-after-free and buffer overflow in Service Workers

Announced
April 26, 2016
Reporter
Looben Yang
Impact
High
Products
Firefox
Fixed in
  • Firefox 46

Description

Security researcher Looben Yang reported two issues discovered in Service Workers using Address Sanitizer.

The first of these is a use-after-free vulnerability caused by a ServiceWorkerInfo object being kept active beyond the life its owning registration. When it is later called through this registration, a use-after-free results.

In the second issue, a race condition leading to a buffer overflow was found in the ServiceWorkerManager. This leads to a potentially exploitable crash when triggered.

References