Mozilla Foundation Security Advisory 2015-77

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer

Announced

August 6, 2015

Reporter

Julian Hector

Impact

Low

Products

Firefox OS

Fixed in

Firefox OS 2.2

Description

Mozilla intern Julian Hector discovered a regression in the graphics buffer management of Firefox OS's graphics layer that would lead to graphics memory corruption by providing negative size parameters. JavaScript can not access the graphics layer in a way required to trigger this vulnerability, but it could be potentially used in a staged attack.

References

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising