Mozilla Foundation Security Advisory 2009-36
Title: Heap/integer overflows in font glyph rendering libraries
Announced: July 21, 2009
Reporter: Will Drewry
Fixed in: Firefox 3.5
oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer.
The open-source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library, which was distributed with OS security updates. On Mac OS X, Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system.
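An added illustration of the two defensive points in this advisory (example code, not Mozilla's, Pango's or Apple's): a glyph-buffer size computation that refuses counts whose byte size would wrap, beside the workaround style of handing a long text run to the system renderer in bounded chunks. The glyph record, the 4096-glyph cap and the sys_draw callback are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical glyph record, constructed for this example; a real shaper's
 * record is larger but the size arithmetic is identical. */
typedef struct {
    uint32_t index;     /* glyph id in the font */
    int32_t  x_advance; /* horizontal advance */
    int32_t  y_offset;  /* vertical offset */
} glyph_t;

/* Assumed per-call cap on glyphs passed to the system renderer; the advisory
 * says Firefox limits run length on OS X but does not publish the value. */
#define MAX_RUN_GLYPHS 4096u

/* Byte size of a buffer for n glyphs, or 0 if n * sizeof(glyph_t) would wrap;
 * the unchecked product is the overflow that yields an undersized heap buffer. */
size_t glyph_buf_bytes(size_t n)
{
    if (n == 0 || n > SIZE_MAX / sizeof(glyph_t))
        return 0;
    return n * sizeof(glyph_t);
}

/* Number of bounded chunks a run of total glyphs is split into; written as
 * quotient plus remainder flag so a total near SIZE_MAX cannot wrap either. */
size_t run_chunk_count(size_t total)
{
    return total / MAX_RUN_GLYPHS + (total % MAX_RUN_GLYPHS != 0);
}

/* Length of chunk i of such a run; 0 when i is out of range. */
size_t run_chunk_len(size_t total, size_t i)
{
    if (i >= run_chunk_count(total))
        return 0;
    size_t left = total - i * MAX_RUN_GLYPHS;
    return left < MAX_RUN_GLYPHS ? left : MAX_RUN_GLYPHS;
}

/* Hand a run to the system renderer in bounded chunks, the workaround style the
 * advisory describes; sys_draw stands in for the platform call (glyphs, count). */
void render_text_run(const glyph_t *g, size_t total,
                     void (*sys_draw)(const glyph_t *, size_t))
{
    size_t n = run_chunk_count(total);
    for (size_t i = 0; i < n; i++)
        sys_draw(g + i * MAX_RUN_GLYPHS, run_chunk_len(total, i));
}
```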
- OS X CoreGraphics - CVE-2009-2468
- Pango - CVE-2009-1194