You are here: Known Vulnerabilities in Mozilla Products (Firefox 2.0.0.15) > MFSA 2008-29

Mozilla Foundation Security Advisory 2008-29

Title: Faulty .properties file results in uninitialized memory being used
Impact: Low
Announced: July 1, 2008
Reporter: Daniel Glazman
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 2.0.0.15
  Thunderbird 2.0.0.16
  SeaMonkey 1.1.10

Description

Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data formerly used by other programs being exposed to the add-on code. If the localized string were made available to web content by the add-on this might leak sensitive data.

References