Mozilla Foundation Security Advisory 2013-116
Title: JPEG information leak
Announced: December 10, 2013
Reporter: Michal Zalewski
Products: Firefox, Thunderbird, Seamonkey
Fixed in: Firefox 26
Firefox ESR 24.2
Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft.