• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-39

Mozilla Foundation Security Advisory 2013-39

Title: Memory corruption while rendering grayscale PNG images
Impact: Moderate
Announced: April 2, 2013
Reporter: Tobias Schula
Products: Firefox, SeaMonkey

Fixed in: Firefox 20.0
  SeaMonkey 2.17

Description

Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled.

References

• some grayscale PNG images display improperly when "gfx.color_management.enablev4" is enabled (CVE-2013-0792)