Mozilla Foundation Security Advisory 2016-73

Use-after-free in service workers with nested sync events

Announced
August 2, 2016
Reporter
Looben Yang
Impact
Critical
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 48
  • Firefox ESR 45.3

Description

Security researcher Looben Yang discovered a use-after-free vulnerability when working with nested sync event loops in Service Workers. He discovered a mechanism where scripts can close their own worker, which will then trigger a synchronization XMLHttpRequest on this now closed and released worker. This results in a potentially exploitable crash when triggered.

References