Mozilla · Firefox · CVE-2015-2712
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 38.0
**Description**
The issue is related to the asm.js implementation, which does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped. This allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.
**Recommendations**
For versions prior to 38.0, update to version 38.0 or later to resolve the issue.