Mozilla Foundation Security Advisory 2015-77

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer

Announced

August 6, 2015

Reporter

Julian Hector

Impact

Low

Products

Firefox OS

Fixed in

Firefox OS 2.2

Description

Mozilla intern Julian Hector discovered a regression in the graphics buffer management of Firefox OS's graphics layer that would lead to graphics memory corruption by providing negative size parameters. JavaScript can not access the graphics layer in a way required to trigger this vulnerability, but it could be potentially used in a staged attack.

References

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2015-77

Upper bound check bypass due to signed compare in SharedBufferManagerParent::RecvAllocateGrallocBuffer

Description

References