Mozilla Foundation Security Advisory 2009-54
Title: Crash with recursive web-worker calls
Impact: Critical
Announced: October 27, 2009
Reporter: Orlando Berrera
Products: Firefox 3.5
Fixed in: Firefox 3.5.4
Description
Security researcher Orlando Berrera of Sec Theory reported that recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim's computer.
Web Workers were introduced in Firefox 3.5 so this vulnerability did not affect earlier releases such as Firefox 3.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=514554
* CVE-2009-3371