Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 36.0.3 / Firefox ESR < 31.5.2 JIT Code Execution

High

Synopsis

The remote host has a web browser that is affected by a remote code execution vulnerability.

Description

Versions of Mozilla Firefox earlier than 36.0.3 (or ESR version 31.5.2) are affected by a remote code execution vulnerability due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to just-in-time compilation for JavaScript. A remote attacker, using a specially crafted web page, can exploit this to execute arbitrary code by reading and writing to memory.

Solution

Upgrade to Firefox 36.0.3 (or Firefox ESR version 31.5.2, as appropriate), or later.