Endpoint Vulnerability

Buffer overflow when using non-XBL object as XBL

Description

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potentially exploitable.

Affected Products

SeaMonkey

References

CVE-2014-1524,