You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2010-78

Mozilla Foundation Security Advisory 2010-78

Title: Add support for OTS font sanitizer
Impact: Critical
Announced: December 9, 2010
Reporter: Marc Schoenefeld, Christoph Diehl
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.13
  Firefox 3.5.16
  Thunderbird 3.1.7
  Thunderbird 3.0.11
  SeaMonkey 2.0.11

Description

Mozilla added the OTS font sanitizing library to prevent downloadable fonts from exposing vulnerabilities in the underlying OS font code. This library mitigates against several issues independently reported by Red Hat Security Response Team member Marc Schoenefeld and Mozilla security researcher Christoph Diehl.

References