Mozilla Foundation Security Advisory 2012-65

Title: Out-of-bounds read in format-number in XSLT
Impact: Moderate
Announced: August 28, 2012
Reporter: Nicolas Grégoire
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 15
  Firefox ESR 10.0.7
  Thunderbird 15
  Thunderbird ESR 10.0.7
  SeaMonkey 2.12

Description

Security researcher Nicolas Grégoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable.