Mozilla Foundation Security Advisory 2011-37

Integer underflow when using JavaScript RegExp

Announced
September 27, 2011
Reporter
Mark Kaplan
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 3.6.23

Description

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem.

The Regular Expression engine was replaced in Firefox 4 and the newer engine does not suffer from this bug.

References