Security Vulnerabilities fixed in Firefox mfsa2015-65

description-logoDescription

Security researcher Looben Yang used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These errors occur when the XMLHttpRequest object is attached to a worker but that object is incorrectly deleted while still in use. This results in exploitable crashes.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2015-2722 CVE-2015-2733