You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-21

Mozilla Foundation Security Advisory 2012-21

Title: Multiple security flaws fixed in FreeType v2.4.9
Impact: Critical
Announced: April 24, 2012
Reporter: Mateusz Jurczyk
Products: Firefox Mobile

Fixed in: Firefox Mobile 10.0.4

Description

Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected.

On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

References