• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-92

Mozilla Foundation Security Advisory 2012-92

Title: Buffer overflow while rendering GIF images
Impact: Critical
Announced: November 20, 2012
Reporter: Atte Kettunen
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 17.0
  Firefox ESR 10.0.11
  Thunderbird 17.0
  Thunderbird ESR 10.0.11
  SeaMonkey 2.14

Description

Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution.

References

• ASAN: Heap-buffer-overflow at image::RasterImage::DrawFrameTo
• CVE-2012-4202