You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-23

Mozilla Foundation Security Advisory 2012-23

Title: Invalid frees causes heap corruption in gfxImageSurface
Impact: Critical
Announced: April 24, 2012
Reporter: Atte Kettunen
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 12.0
  Firefox ESR 10.0.4
  Thunderbird 12.0
  Thunderbird ESR 10.0.4
  SeaMonkey 2.9


Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to float error, resulting from graphics values being passed through different number systems.