Mozilla Foundation Security Advisory 2016-34

Out-of-bounds read in HTML parser following a failed allocation

Announced
March 8, 2016
Reporter
Ronald Crane
Impact
High
Products
Firefox, Firefox ESR, Thunderbird
Fixed in
  • Firefox 45
  • Firefox ESR 38.7
  • Thunderbird 38.7
  • Thunderbird 45

Description

Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References