Endpoint Vulnerability

Out-of-bounds read and write in asm.js validation

Description

Security researcher Dougall Johnson reported an out-of-bounds read and write in asm.js during JavaScript validation due to an error in how heap lengths are defined. This results in a potentially exploitable crash and could allow for the reading of random memory which may contain sensitive data.

Affected Products

Firefox

References

CVE-2015-2712,