Endpoint Vulnerability

Crash with JavaScript variable assignment with unboxed objects

Description

Security researcher Cajus Pollmeier reported that Firefox 41 was crashing during some Javascript variable assignments. The issue was caused by an implementation error with unboxed objects and property storing in the JavaScript engine. This error could result in a potentially exploitable crash when triggered by JavaScript content as well as leading to errors on some websites.

Affected Products

Firefox

References

CVE-2015-7204,