Mozilla Foundation Security Advisory 2009-54

Crash with recursive web-worker calls

Announced
October 27, 2009
Reporter
Orlando Berrera
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 3.5.4

Description

Security researcher Orlando Berrera of Sec Theory reported that recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim's computer.

Web Workers were introduced in Firefox 3.5 so this vulnerability did not affect earlier releases such as Firefox 3.

References