• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-31

Mozilla Foundation Security Advisory 2012-31

Title: Off-by-one error in OpenType Sanitizer
Impact: Critical
Announced: April 24, 2012
Reporter: Mateusz Jurczyk
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 12.0
  Firefox ESR 10.0.4
  Thunderbird 12.0
  Thunderbird ESR 10.0.4
  SeaMonkey 2.9

Description

Mateusz Jurczyk of the Google Security Team discovered an off-by-one error in the OpenType Sanitizer using the Address Sanitizer tool. This can lead to an out-of-bounds read and execution of an uninitialized function pointer during parsing and possible remote code execution.

References

• OTS off-by-one may result in arbitrary code execution
• Security: Off-by-one in OTS resulting in arbitrary code execution
• CVE-2011-3062