Mozilla Foundation Security Advisory 2012-64

Graphite 2 memory corruption

Announced
August 28, 2012
Reporter
Christoph Diehl
Impact
High
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 15
  • SeaMonkey 2.12
  • Thunderbird 15

Description

Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products.

References