• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-65

Mozilla Foundation Security Advisory 2012-65

Title: Out-of-bounds read in format-number in XSLT
Impact: Moderate
Announced: August 28, 2012
Reporter: Nicolas Grégoire
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 15
  Firefox ESR 10.0.7
  Thunderbird 15
  Thunderbird ESR 10.0.7
  SeaMonkey 2.12

Description

Security research Nicolas Grégoire used the Address Sanitizer tool to discover an out-of-bounds read in the format-number feature of XSLT, which can cause inaccurate formatting of numbers and information leakage. This is not directly exploitable.

References

• READ heap-buffer-overflow in format-number()
• CVE-2012-3972