VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the JS engine when processing "BumpChunk" objects while the browser is under a memory pressure, which could be exploited to leak arbitrary memory and/or achieve code execution via a malicious web page. Affected include Mozilla Firefox versions prior to 28, Mozilla Firefox ESR versions prior to 24.4, Mozilla Thunderbird versions prior to 24.4, and Mozilla Seamonkey versions prior to 2.25.
8ec37d142ffe45019d55b44766e907b9f25a969d41aa3e74ea5c6edf7eb66567VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing
Use-after-free (Pwn2Own)
Website : https://www.vupen.com
Twitter : https://twitter.com/vupen
I. BACKGROUND
---------------------
"Mozilla Firefox is a free and open-source web browser developed for
Windows, OS X, and Linux, with a mobile version for Android, by the
Mozilla Foundation and its subsidiary, the Mozilla Corporation.
As of February 2014, Firefox has between 12% and 22% of worldwide
usage, according to different sources." (Wikipedia)
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.
The vulnerability is caused by a use-after-free error in the JS engine
when processing "BumpChunk" objects while the browser is under a memory
pressure, which could be exploited to leak arbitrary memory and/or
achieve code execution via a malicious web page.
III. AFFECTED PRODUCTS
---------------------------
Mozilla Firefox versions prior to 28
Mozilla Firefox ESR versions prior to 24.4
Mozilla Thunderbird versions prior to 24.4
Mozilla Seamonkey versions prior to 2.25
IV. SOLUTION
----------------
Upgrade to Firefox v28, Firefox ESR v24.4, Thunderbird v24.4 and
Seamonkey v2.25.
V. CREDIT
--------------
This vulnerability was discovered by VUPEN Security.
VI. ABOUT VUPEN Security
---------------------------
VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.
VUPEN Solutions: https://www.vupen.com/english/services/
VII. REFERENCES
----------------------
https://www.mozilla.org/security/announce/2014/mfsa2014-30.html
VIII. DISCLOSURE TIMELINE
-----------------------------
2014-01-19 - Vulnerability Discovered by VUPEN Security
2014-03-12 - Vulnerability Reported to Mozilla/ZDI During Pwn2Own 2014
2014-03-18 - Vulnerability Fixed by Mozilla
2014-03-26 - Public disclosure
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed