Mozilla Foundation Security Advisory 2016-42

Use-after-free and buffer overflow in Service Workers

Announced

April 26, 2016

Reporter

Looben Yang

Impact

High

Products

Firefox

Fixed in

Firefox 46

Description

Security researcher Looben Yang reported two issues discovered in Service Workers using Address Sanitizer.

The first of these is a use-after-free vulnerability caused by a ServiceWorkerInfo object being kept active beyond the life its owning registration. When it is later called through this registration, a use-after-free results.

In the second issue, a race condition leading to a buffer overflow was found in the ServiceWorkerManager. This leads to a potentially exploitable crash when triggered.

References

Service Worker - Use After Free in BeginReading() (CVE-2016-2811)
Service Worker - Buffer overflow in get() (CVE-2016-2812)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2016-42

Use-after-free and buffer overflow in Service Workers

Description

References