WebRTC and LibVPX vulnerabilities found through code inspection

Related Vulnerabilities: CVE-2016-1970, CVE-2016-1971, CVE-2016-1975, CVE-2016-1976, CVE-2016-1972

Mozilla Foundation Security Advisory 2016-32

Announced: March 8, 2016
Reporter: Ronald Crane
Impact: Moderate
Products: Firefox
Fixed in:
  • Firefox 45

Description

Security researcher Ronald Crane reported five "moderate" rated vulnerabilities affecting released code that were found through code inspection. These included the following issues in WebRTC: an integer underflow, a missing status check, a race condition, and a use of deleted pointers to create a new object. A race condition in LibVPX was also identified. Not all of these have a clear mechanism for exploitation through web content, but the code is vulnerable if a mechanism can be found to trigger them.

This issue only affects Windows systems. Linux, OS X, and Android systems are unaffected.
