Mozilla Foundation Security Advisory 2012-61

Title: Memory corruption with bitmap format images with negative height
Impact: Critical
Announced: August 28, 2012
Reporter: Frédéric Hoguin
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 15, Firefox ESR 10.0.7, Thunderbird 15, Thunderbird ESR 10.0.7, SeaMonkey 2.12

Description

Security researcher Frédéric Hoguin reported two related issues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO) format files. When a negative "height" header value for the bitmap image is processed, memory corruption can be induced, allowing an attacker to write to random memory and cause a crash. This crash may be exploitable.
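The kind of header validation this class of bug calls for, as an added example; it is not Mozilla's code and does not describe the actual fix. It checks a `BITMAPINFOHEADER` (signed `biHeight`, doubled inside an .ICO to cover the AND mask) before any buffer is sized. The function names, the `MAX_DIM` and `MAX_BYTES` limits, and the policy of refusing negative heights inside icons are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_DIM   16384u        /* assumed per-axis limit for this example */
#define MAX_BYTES (256u << 20)  /* assumed pixel-buffer cap: 256 MiB */
enum dib_status { DIB_OK, DIB_TRUNCATED, DIB_BAD_WIDTH, DIB_BAD_HEIGHT,
                  DIB_BAD_DEPTH, DIB_TOO_LARGE };
struct dib_geom { uint32_t width, rows; int top_down; size_t pixel_bytes; };

/* Little-endian signed 32-bit field, widened so negating INT32_MIN cannot overflow. */
static int64_t rd_i32(const uint8_t *p) {
    uint32_t v = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (v & 0x80000000u) ? (int64_t)v - 4294967296LL : (int64_t)v;
}

/* Validate a 40-byte BITMAPINFOHEADER before anything is allocated. in_ico: the DIB
 * is inside an .ICO, where biHeight counts colour rows plus AND-mask rows. */
enum dib_status dib_check(const uint8_t *hdr, size_t len, int in_ico, struct dib_geom *out) {
    if (len < 40) return DIB_TRUNCATED;
    int64_t w = rd_i32(hdr + 4), h = rd_i32(hdr + 8);
    unsigned bpp = hdr[14] | (unsigned)hdr[15] << 8;
    if (w <= 0 || w > MAX_DIM) return DIB_BAD_WIDTH;
    int top_down = h < 0;              /* negative biHeight = top-down rows */
    int64_t rows = top_down ? -h : h;  /* magnitude, never the raw signed value */
    if (in_ico) {  /* policy of this example: no top-down or odd heights in icons */
        if (top_down || (rows & 1)) return DIB_BAD_HEIGHT;
        rows /= 2;
    }
    if (rows == 0 || rows > MAX_DIM) return DIB_BAD_HEIGHT;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return DIB_BAD_DEPTH;
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;  /* rows pad to 4 bytes */
    uint64_t total = stride * (uint64_t)rows;
    if (total > MAX_BYTES) return DIB_TOO_LARGE;
    out->width = (uint32_t)w; out->rows = (uint32_t)rows;
    out->top_down = top_down; out->pixel_bytes = (size_t)total;
    return DIB_OK;
}

/* Constructed sample input: a zeroed header with only the tested fields set. */
enum dib_status check_wh(int32_t w, int32_t h, unsigned bpp, int in_ico, struct dib_geom *g) {
    uint8_t hdr[40] = {40};
    uint32_t uw = (uint32_t)w, uh = (uint32_t)h;
    for (int i = 0; i < 4; i++) {
        hdr[4 + i] = (uint8_t)(uw >> (8 * i)); hdr[8 + i] = (uint8_t)(uh >> (8 * i));
    }
    hdr[14] = (uint8_t)bpp; hdr[15] = (uint8_t)(bpp >> 8);
    return dib_check(hdr, sizeof hdr, in_ico, g);
}
/* Exit status 0: a negative height inside an icon is refused. */
int main(void) { struct dib_geom g; return check_wh(32, -64, 32, 1, &g) != DIB_BAD_HEIGHT; }
```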
