CVE-2016-5281: UAF in DOMSVGLength

This flaw was NOT found with American Fuzzy Lop, but it was found with a tool by the same author, called cross_fuzz. This marks my 8th CVE assignment since I started fuzzing software.

This flaw affects multiple versions of Firefox: 31 to 44 and 46 to 48. It is fixed in Firefox 49 (released today) and in Firefox ESR 45.4.0 (also released today).

Make sure to check out security advisory and the original bug report.

geeknik

Also on this blog

SHARE:  Email · Facebook · Google · Twitter · Tumblr · Kindle
SUBSCRIBE:  Receive an email on new posts from geeknik

Comments


  • Notify me upon new comments

☺ Got it