Mozilla Foundation Security Advisory 2012-64

Graphite 2 memory corruption

Announced

August 28, 2012

Reporter

Christoph Diehl

Impact

High

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 15
SeaMonkey 2.12
Thunderbird 15

Description

Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products.

References

Graphite 2 crash [@graphite2::Silf::readClassMap]
Graphite 2 crash [@graphite2::Pass::readPass]
CVE-2012-3971

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Privacy Promise

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Product Promise

Firefox Relay

MDN Plus

Mozilla Manifesto

Mozilla Foundation

Get involved

Leadership

Careers

Mozilla Blog

Firefox Developer Edition

MDN Web Docs

Common Voice

Mozilla Innovation Projects

Mozilla Foundation Security Advisory 2012-64

Graphite 2 memory corruption

Description

References