Buffer overflow in Gamepad API

ID MFSA2014-54
Type mozilla
Reporter Mozilla Foundation
Modified 2014-06-10T00:00:00


Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API was introduced in Firefox 29 and this issue does not affect earlier versions.

This issue occurs only on Windows 8 with a gamepad or virtual gamepad attached.