Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2016-47

Write to invalid HashMap entry through JavaScript.watch()

Announced
April 26, 2016
Reporter
CESG
Impact
High
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 46
  • Firefox ESR 38.8
  • Firefox ESR 45.1

Description

The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.

References