Mozilla Foundation Security Advisory 2009-36

Heap/integer overflows in font glyph rendering libraries

Announced
July 21, 2009
Reporter
Will Drewry
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 3.0.12
  • Firefox 3.5

Description

oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim's computer.

The open-source nature of Linux meant that Mozilla was able to work with the libpango maintainers to implement the correct fix in version 1.24 of that system library which was distributed with OS security updates. On Mac OS X Firefox works around the CoreGraphics flaw by limiting the length of text runs passed to the system.

References