Mozilla Foundation Security Advisory 2008-29

Faulty .properties file results in uninitialized memory being used

Announced
July 1, 2008
Reporter
Daniel Glazman
Impact
Low
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 2.0.0.15
  • SeaMonkey 1.1.10
  • Thunderbird 2.0.0.16

Description

Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data formerly used by other programs being exposed to the add-on code. If the localized string were made available to web content by the add-on this might leak sensitive data.

References