You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2013-31

Mozilla Foundation Security Advisory 2013-31

Title: Out-of-bounds write in Cairo library
Impact: High
Announced: April 2, 2013
Reporter: Abhishek Arya
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 20.0
  Firefox ESR 17.0.5
  Thunderbird 17.0.5
  Thunderbird ESR 17.0.5
  SeaMonkey 2.17


Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances.