Mozilla Foundation Security Advisory 2015-34
Out of bounds read in QCMS library
- Announced
- March 31, 2015
- Reporter
- Felix Gröbert
- Impact
- Moderate
- Products
- Firefox, Firefox OS, SeaMonkey
- Fixed in
-
- Firefox 37
- Firefox OS 2.2
- SeaMonkey 2.35
Description
Security researcher Felix Gröbert of Google used the
Address Sanitizer tool to discover an out of bounds read in the QCMS color
management library while transforming images with certain parameters. This could
lead to information disclosure.
References