Mozilla Foundation Security Advisory 2012-21
Title: Multiple security flaws fixed in FreeType
Announced: April 24, 2012
Reporter: Mateusz Jurczyk
Products: Firefox Mobile
Fixed in: Firefox Mobile 10.0.4
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.
- FreeType: Multiple security flaws to be fixed in v2.4.9