You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-39

Mozilla Foundation Security Advisory 2013-39

Title: Memory corruption while rendering grayscale PNG images
Impact: Moderate
Announced: April 2, 2013
Reporter: Tobias Schula
Products: Firefox, SeaMonkey

Fixed in: Firefox 20.0
  SeaMonkey 2.17


Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled.