Use-after-free and buffer overflow in Service Workers

Related Vulnerabilities: CVE-2016-2811, CVE-2016-2812

Mozilla Foundation Security Advisory 2016-42

Announced: April 26, 2016
Reporter: Looben Yang
Impact: High
Products: Firefox
Fixed in:
  • Firefox 46

Description

Security researcher Looben Yang reported two issues discovered in Service Workers using Address Sanitizer.

The first of these is a use-after-free vulnerability caused by a ServiceWorkerInfo object being kept active beyond the lifetime of its owning registration. When it is later called through this registration, a use-after-free results.

In the second issue, a race condition leading to a buffer overflow was found in the ServiceWorkerManager. This leads to a potentially exploitable crash when triggered.
