Mozilla Foundation Security Advisory 2016-50

Buffer overflow parsing HTML5 fragments

Announced: June 7, 2016
Reporter: firehack
Impact: Critical
Products: Firefox, Firefox ESR
Fixed in:
  • Firefox 47
  • Firefox ESR 45.2

Description

Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an <svg> node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document.
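To check an inventory against the fixed versions listed above, the following added example (not part of the original advisory or of Mozilla's tooling) classifies version strings by whether they include the fix. It assumes the input is the text printed by `firefox --version` with ESR builds carrying an "esr" suffix; the host names and sample strings are constructed.

```python
import re

# Fixed versions as stated in the advisory: Firefox 47 and Firefox ESR 45.2.
FIXED_RELEASE_MAJOR = 47
FIXED_ESR = (45, 2)

# Assumed input format: "Mozilla Firefox 46.0.1" or "Mozilla Firefox 45.1.1esr".
VERSION_RE = re.compile(r"Firefox\s+(\d+)\.(\d+)(?:\.\d+)?(esr)?", re.IGNORECASE)


def classify(version_string):
    """Return 'fixed', 'missing-fix' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_string)
    if not m:
        return "unknown"  # unparseable output: needs a manual look
    major, minor = int(m.group(1)), int(m.group(2))
    is_esr = m.group(3) is not None
    if major >= FIXED_RELEASE_MAJOR:
        return "fixed"  # release 47+ and any later ESR branch
    if is_esr and (major, minor) >= FIXED_ESR:
        return "fixed"  # ESR 45.2 and later 45.x ESR builds
    # Everything older is reported as lacking the fix. A 45.2+ string without
    # the "esr" marker also lands here, so it gets flagged for review.
    return "missing-fix"


def audit(inventory):
    """Map each host to its status; inventory is (host, version_string) pairs."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory with hypothetical host names.
SAMPLE = [
    ("ws-01", "Mozilla Firefox 46.0.1"),
    ("ws-02", "Mozilla Firefox 47.0"),
    ("ws-03", "Mozilla Firefox 45.1.1esr"),
    ("ws-04", "Mozilla Firefox 45.2.0esr"),
    ("ws-05", "firefox: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```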

References