Mozilla Foundation Security Advisory 2015-48
Buffer overflow with SVG content and CSS
- May 12, 2015
- Atte Kettunen
- Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird
- Fixed in
- Firefox 38
- Firefox ESR 31.7
- Firefox OS 2.2
- SeaMonkey 2.35
- Thunderbird 31.7
- Thunderbird 38.0.1
Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash.
In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.