Mozilla Foundation Security Advisory 2016-30

Buffer overflow in Brotli decompression

Announced
March 8, 2016
Reporter
Luke Li
Impact
High
Products
Firefox
Fixed in
  • Firefox 45

Description

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.

References