Mozilla Foundation Security Advisory 2012-06
Title: Uninitialized memory appended when encoding icon images may cause information disclosure
Announced: January 31, 2012
Reporter: Tim Abraldes
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 10.0
Mozilla developer Tim Abraldes reported that when encoding
image/vnd.microsoft.icon, the resulting data was always a fixed size, with
uninitialized memory appended as padding beyond the size of the actual image.
This is the result of mImageBufferSize in the encoder being initialized with a
value different from the size of the source image. As a result, sensitive data
from uninitialized memory may be appended to a PNG image when it is converted
from an ICO format image, and that data may then be disclosed in the resulting
image.
Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.
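
A defender-side check for the condition described above, added here as an example and not Mozilla's code: it parses an ICO container and reports bytes that lie beyond the end of an embedded PNG or beyond the last directory entry. The function names, the constructed 1x1 sample image and the 0xAA filler standing in for padding are assumptions for illustration; BMP-format entries are not inspected.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_length(buf):
    """Length of the PNG at the start of buf, through its IEND chunk, or None."""
    if not buf.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(buf):
        (size,) = struct.unpack_from(">I", buf, pos)
        ctype = buf[pos + 4:pos + 8]
        pos += 12 + size  # length + type + data + CRC
        if ctype == b"IEND":
            return pos if pos <= len(buf) else None
    return None

def ico_slack(ico):
    """Return (description, byte_count) findings for data beyond the real image."""
    reserved, kind, count = struct.unpack_from("<HHH", ico, 0)
    if reserved != 0 or kind != 1:
        raise ValueError("not an ICO file")
    findings, end = [], 6 + 16 * count
    for i in range(count):
        # ICONDIRENTRY bytes 8..15: dwBytesInRes, dwImageOffset
        size, offset = struct.unpack_from("<II", ico, 6 + 16 * i + 8)
        if offset + size > len(ico):
            raise ValueError(f"entry {i} runs past end of file")
        end = max(end, offset + size)
        used = png_length(ico[offset:offset + size])
        if used is not None and used < size:
            findings.append((f"entry {i}: bytes after PNG IEND", size - used))
    if len(ico) > end:
        findings.append(("bytes after last image", len(ico) - end))
    return findings

# --- constructed sample data (not taken from any real encoder output) ---
def _chunk(ctype, data):
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 6, 0, 0, 0))
       + _chunk(b"IDAT", zlib.compress(b"\x00" * 5)) + _chunk(b"IEND", b""))

def make_ico(png, declared_size, trailing=b""):
    pad = b"\xAA" * (declared_size - len(png))  # filler standing in for padding
    entry = struct.pack("<BBBBHHII", 1, 1, 0, 0, 1, 32, declared_size, 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + png + pad + trailing
```

An empty result from `ico_slack` means every byte of the file is accounted for by the header, the directory and the image data itself.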