Mozilla Foundation Security Advisory 2015-29

Code execution through incorrect JavaScript bounds checking elimination

Announced

March 20, 2015

Reporter

ilxu1a

Impact

Critical

Products

Firefox, Firefox ESR, SeaMonkey

Fixed in

Firefox 36.0.3
Firefox ESR 31.5.2
SeaMonkey 2.33.1

Description

Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system.

References

Pwn2Own asm.js exploit (CVE-2015-0817)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2015-29

Code execution through incorrect JavaScript bounds checking elimination

Description

References