Mozilla Foundation Security Advisory 2015-06

Read-after-free in WebRTC

Announced
January 13, 2015
Reporter
Mitchell Harper
Impact
Critical
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey
Fixed in
  • Firefox 35
  • Firefox ESR 31.4
  • Firefox OS 2.2
  • SeaMonkey 2.32

Description

Security researcher Mitchell Harper discovered a read-after-free in WebRTC due to the way tracks are handled. This results in a either a potentially exploitable crash or incorrect WebRTC behavior.

References