Endpoint Vulnerability

Out-of-bounds write through TypedArrayObject after neutering

Description

Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution.

Affected Products

SeaMonkey

References

CVE-2014-1514,