Mozilla Foundation Security Advisory 2014-89

Bad casting from the BasicThebesLayer to BasicContainerLayer

Announced

December 2, 2014

Reporter

Byoungyoung Lee, Chengyu Song, Taesoo Kim

Impact

High

Products

Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird

Fixed in

Firefox 34
Firefox ESR 31.3
Firefox OS 2.2
SeaMonkey 2.31
Thunderbird 31.3

Description

Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified.

References

Bad casting: From BasicThebesLayer to BasicContainerLayer (CVE-2014-1594)

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog