Mozilla Firefox Denial-of-Service Vulnerability in the DOM: Service Workers Component

Vulnerability

A denial-of-service vulnerability has been identified in the DOM: Service Workers component of Mozilla Firefox. This issue affects versions of Firefox prior to 147. The vulnerability arises when a site registers a service worker with a large script, causing the browser to crash. The crash is a null pointer dereference that occurs after the browser processes an oversized string payload that exceeds the maximum allowed length.

Impact

Exploiting this vulnerability leads to a crash of the Firefox browser, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by visiting a page that registers a service worker with a large script under a unique, randomized scope. This can be done using a Python server that serves a malicious service worker script. The script should be crafted to append data to the service worker registration until it exceeds the length threshold, causing the browser to crash.

Remediation

Users can update to Firefox 147 or later, where this vulnerability has been fixed.

Added: Jan 13, 2026, 2:25 PM
Updated: Jan 13, 2026, 10:01 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.