You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-116

Mozilla Foundation Security Advisory 2013-116

Title: JPEG information leak
Impact: High
Announced: December 10, 2013
Reporter: Michal Zalewski
Products: Firefox, Thunderbird, Seamonkey

Fixed in: Firefox 26
  Firefox ESR 24.2
  Thunderbird 24.2
  Seamonkey 2.23


Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft.