Mozilla Firefox "BumpChunk" Object Processing Use-After-Free

Mozilla Firefox "BumpChunk" Object Processing Use-After-Free: Posted Mar 26, 2014; Authored by VUPEN | Site vupen.com; VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the JS engine when processing "BumpChunk" objects while the browser is under a memory pressure, which could be exploited to leak arbitrary memory and/or achieve code execution via a malicious web page. Affected include Mozilla Firefox versions prior to 28, Mozilla Firefox ESR versions prior to 24.4, Mozilla Thunderbird versions prior to 24.4, and Mozilla Seamonkey versions prior to 2.25.; tags | advisory, web, arbitrary, code execution; SHA-256 | 8ec37d142ffe45019d55b44766e907b9f25a969d41aa3e74ea5c6edf7eb66567; Download | Favorite | View

Mozilla Firefox "BumpChunk" Object Processing Use-After-Free

VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing
Use-after-free (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
---------------------

"Mozilla Firefox is a free and open-source web browser developed for
Windows, OS X, and Linux, with a mobile version for Android, by the
Mozilla Foundation and its subsidiary, the Mozilla Corporation.
As of February 2014, Firefox has between 12% and 22% of worldwide
usage, according to different sources." (Wikipedia)


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.

The vulnerability is caused by a use-after-free error in the JS engine
when processing "BumpChunk" objects while the browser is under a memory
pressure, which could be exploited to leak arbitrary memory and/or
achieve code execution via a malicious web page.


III. AFFECTED PRODUCTS
---------------------------

Mozilla Firefox versions prior to 28
Mozilla Firefox ESR versions prior to 24.4
Mozilla Thunderbird versions prior to 24.4
Mozilla Seamonkey versions prior to 2.25


IV. SOLUTION
----------------

Upgrade to Firefox v28, Firefox ESR v24.4, Thunderbird v24.4 and
Seamonkey v2.25.


V. CREDIT
--------------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
----------------------

https://www.mozilla.org/security/announce/2014/mfsa2014-30.html


VIII. DISCLOSURE TIMELINE
-----------------------------

2014-01-19 - Vulnerability Discovered by VUPEN Security
2014-03-12 - Vulnerability Reported to Mozilla/ZDI During Pwn2Own 2014
2014-03-18 - Vulnerability Fixed by Mozilla
2014-03-26 - Public disclosure

Top Authors In Last 30 Days

Red Hat 237 files
Ubuntu 85 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files
ron190 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,448)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,344)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,672)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

Mozilla Firefox "BumpChunk" Object Processing Use-After-Free

Mozilla Firefox "BumpChunk" Object Processing Use-After-Free

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mozilla Firefox "BumpChunk" Object Processing Use-After-Free

Share This

Mozilla Firefox "BumpChunk" Object Processing Use-After-Free

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems