Mozilla Foundation Security Advisory 2010-78

Add support for OTS font sanitizer

Announced
December 9, 2010
Reporter
Marc Schoenefeld, Christoph Diehl
Impact
Critical
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.5.16
  • Firefox 3.6.13
  • SeaMonkey 2.0.11
  • Thunderbird 3.0.11
  • Thunderbird 3.1.7

Description

Mozilla added the OTS font sanitizing library to prevent downloadable fonts from exposing vulnerabilities in the underlying OS font code. This library mitigates against several issues independently reported by Red Hat Security Response Team member Marc Schoenefeld and Mozilla security researcher Christoph Diehl.

References