• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-23

Mozilla Foundation Security Advisory 2012-23

Title: Invalid frees causes heap corruption in gfxImageSurface
Impact: Critical
Announced: April 24, 2012
Reporter: Atte Kettunen
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 12.0
  Firefox ESR 10.0.4
  Thunderbird 12.0
  Thunderbird ESR 10.0.4
  SeaMonkey 2.9

Description

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to float error, resulting from graphics values being passed through different number systems.

References

• ASAN: Heap-buffer-overflow WRITE of size 1 at nsSVGFEDiffuseLightingElement::LightPixel
• CVE-2012-0470