Mozilla Foundation Security Advisory 2016-56

Use-after-free when textures are used in WebGL operations after recycle pool destruction

Announced

June 7, 2016

Reporter

jomo

Impact

High

Products

Firefox, Firefox ESR

Fixed in

Firefox 47
Firefox ESR 45.2

Description

Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitable crash when the texture is later called.

References

Crash when zooming out on a three.js demo (CVE-2016-2828)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2016-56

Use-after-free when textures are used in WebGL operations after recycle pool destruction

Description

References