Out-of-bounds read during XML parsing in Expat library
- August 2, 2016
- Gustavo Grieco
- Fixed in
- Firefox 48
Security researcher Gustavo Grieco reported a potential out-of-bounds read parsing malformed XML data during character conversion. This is due to a bug in the Expat library, which is used in Firefox. This could allow an attacker to read other inaccessible memory.