Security researcher Looben Yang reported a buffer overflow in Gamepad API when it is exercised with a gamepad device with non-contiguous axes. This can be either an actual physical device or by the installation of a virtual gamepad. This results in a potentially exploitable crash. The Gamepad API was introduced in Firefox 29 and this issue does not affect earlier versions. External Reference: http://www.mozilla.org/security/announce/2014/mfsa2014-54.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter. Statement: This issue does not affect the version of firefox as shipped with Red Hat Enterprise Linux 5 and 6
Created firefox tracking bugs for this issue: Affects: fedora-all [bug 1108683]
1. Fixed in FF30 (available for all branches) 2. "This issue occurs only on Windows 8 with a gamepad or virtual gamepad attached." @ http://www.mozilla.org/security/announce/2014/mfsa2014-54.html