• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-64

Mozilla Foundation Security Advisory 2012-64

Title: Graphite 2 memory corruption
Impact: High
Announced: August 28, 2012
Reporter: Christoph Diehl
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 15
  Thunderbird 15
  SeaMonkey 2.12

Description

Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products.

References

• Graphite 2 crash [@graphite2::Silf::readClassMap]
• Graphite 2 crash [@graphite2::Pass::readPass]
• CVE-2012-3971