Mozilla Foundation Security Advisory 2016-78

Type confusion in display transformation

Announced
August 2, 2016
Reporter
Nils
Impact
High
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 48
  • Firefox ESR 45.3

Description

Using the Address Sanitizer tool, security researcher Nils reported a type confusion flaw in display transformation during rendering due to incorrect bounds checking. This leads to a potentially exploitable crash and can be triggered by web content.

References