Mozilla Foundation Security Advisory 2016-68

Out-of-bounds read during XML parsing in Expat library

Announced
August 2, 2016
Reporter
Gustavo Grieco
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 48

Description

Security researcher Gustavo Grieco reported a potential out-of-bounds read parsing malformed XML data during character conversion. This is due to a bug in the Expat library, which is used in Firefox. This could allow an attacker to read other inaccessible memory.

References