Mozilla Firefox CVE-2015-0828 Vulnerability

description-logoDescription

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team and Mozilla security developer Gary Kwong used the Address Sanitizer tool to discover a double-free error when sending a zero-length XmlHttpRequest (XHR). This was due to errors in memory allocation when using different memory allocator libraries than jemalloc used by Mozilla builds. When those other memory allocators are used for build compilation, this could cause a potentially exploitable crash during some XHR actions.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2015-0828