Mozilla Foundation Security Advisory 2009-54

Mozilla Foundation Security Advisory 2009-54

Title: Crash with recursive web-worker calls
Impact: Critical
Announced: October 27, 2009
Reporter: Orlando Berrera
Products: Firefox 3.5

Fixed in: Firefox 3.5.4
Description

Security researcher Orlando Berrera of Sec Theory reported that recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. These conditions often result in a crash which could potentially be used by an attacker to run arbitrary code on a victim's computer.

Web Workers were introduced in Firefox 3.5 so this vulnerability did not affect earlier releases such as Firefox 3.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=514554
* CVE-2009-3371