You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-55

Mozilla Foundation Security Advisory 2011-55

Title: nsSVGValue out-of-bounds access
Impact: Critical
Announced: December 20, 2011
Reporter: regenrecht via TippingPoint's ZDI
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 9.0
  Firefox 3.6.28
  Thunderbird 9.0
  SeaMonkey 2.6

Description

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler.

This vulnerability does not affect products prior to Firefox 8 and SeaMonkey 2.5. Thunderbird 8 users would be vulnerable only if using a browser-like feature that allowed scripts to run; users are not at risk while reading mail.

References