
Mozilla Foundation Security Advisory 2012-40

Title: Buffer overflow and use-after-free issues found using Address Sanitizer
Impact: Critical
Announced: June 5, 2012
Reporter: Abhishek Arya
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 13.0
  Firefox ESR 10.0.5
  Thunderbird 13.0
  Thunderbird ESR 10.0.5
  SeaMonkey 2.10

Description

Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem. The first heap buffer overflow was found in the conversion from Unicode to native character sets, on the path taken when the conversion function fails. The use-after-free occurs in nsFrameList when handling column layout with absolute positioning inside a container whose size changes. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable.
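The first bug class above, a heap overflow on the failure path of a character-set conversion, is the kind of defect Address Sanitizer exists to catch. The following C program is an added illustration, not Mozilla's code: `to_native`, `convert_unsafe` and `convert_safe` are constructed stand-ins, not functions from the Firefox tree. The converter stops at the first code unit it cannot represent; the unsafe caller sizes its buffer for the success case (one byte per input unit plus a terminator) and then, on failure, writes a six-character `\uXXXX` escape without rechecking capacity. The safe caller grows the buffer before taking the fallback path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a Unicode-to-native converter. It copies UTF-16
 * code units that fit in 7-bit ASCII and stops at the first one that does
 * not. Returns 0 on success and -1 on failure; *written always holds the
 * number of bytes actually stored, even when the call fails. */
static int to_native(const uint16_t *in, size_t in_len,
                     char *out, size_t out_cap, size_t *written)
{
    size_t n = 0;
    for (size_t i = 0; i < in_len; i++) {
        if (n >= out_cap || in[i] > 0x7F) {
            *written = n;
            return -1;
        }
        out[n++] = (char)in[i];
    }
    *written = n;
    return 0;
}

/* Vulnerable caller (constructed). The buffer is sized for the success
 * path only. When conversion fails, the fallback escape "\uXXXX" (6 bytes
 * plus NUL) is written at the failure offset with no capacity check, so a
 * failure near the end of the input writes past the allocation. Built with
 * -fsanitize=address, ASan reports this as a heap-buffer-overflow. */
char *convert_unsafe(const uint16_t *in, size_t in_len)
{
    char *buf = malloc(in_len + 1);
    size_t n;
    if (!buf) return NULL;
    if (to_native(in, in_len, buf, in_len, &n) != 0) {
        /* BUG: in[n] is the unit that failed; no room is guaranteed here */
        sprintf(buf + n, "\\u%04X", (unsigned)in[n]);
        return buf;
    }
    buf[n] = '\0';
    return buf;
}

/* Hardened caller: the failure path checks the remaining capacity and
 * grows the buffer before writing the 7-byte escape (6 chars + NUL). */
char *convert_safe(const uint16_t *in, size_t in_len)
{
    size_t cap = in_len + 1;
    char *buf = malloc(cap);
    size_t n;
    if (!buf) return NULL;
    if (to_native(in, in_len, buf, in_len, &n) != 0) {
        if (cap - n < 7) {
            char *bigger = realloc(buf, n + 7);
            if (!bigger) { free(buf); return NULL; }
            buf = bigger;
        }
        snprintf(buf + n, 7, "\\u%04X", (unsigned)in[n]);
        return buf;
    }
    buf[n] = '\0';
    return buf;
}

/* Helper for checking results: converts with the safe caller, compares
 * against the expected string and frees the buffer. Returns 1 on match. */
int safe_result_equals(const uint16_t *in, size_t in_len, const char *expected)
{
    char *out = convert_safe(in, in_len);
    int ok = out != NULL && strcmp(out, expected) == 0;
    free(out);
    return ok;
}

int main(void)
{
    /* Constructed input: "ab" followed by U+00E9, which the converter
     * cannot represent, so the failure path is taken at offset 2. */
    const uint16_t sample[] = { 'a', 'b', 0x00E9 };
    char *s = convert_safe(sample, 3);
    printf("safe: %s\n", s);    /* prints: safe: ab\u00E9 */
    free(s);
#ifdef TRIGGER_ASAN
    /* Build with: cc -g -fsanitize=address -DTRIGGER_ASAN demo.c
     * The unsafe caller needs 9 bytes but allocated 4; ASan aborts here
     * with a heap-buffer-overflow report pointing at the sprintf. */
    free(convert_unsafe(sample, 3));
#endif
    return 0;
}
```

Without the `-DTRIGGER_ASAN` define the program only exercises the hardened path; with it, and compiled under Address Sanitizer, the overflow in `convert_unsafe` is reported at the write rather than surfacing later as heap corruption, which is the same detection route the advisory credits for these bugs.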

References