Mozilla

Mozilla

Mozilla Foundation Security Advisory 2012-92

Buffer overflow while rendering GIF images

Announced
November 20, 2012
Reporter
Atte Kettunen
Impact
Critical
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 17
  • Firefox ESR 10.0.11
  • SeaMonkey 2.14
  • Thunderbird 17
  • Thunderbird ESR 10.0.11

Description

Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution.

References