Endpoint Vulnerability

Write to invalid HashMap entry through JavaScript.watch()

Description

The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.

Affected Products

Firefox, Firefox ESR

References

CVE-2016-2808