Mozilla Foundation Security Advisory 2010-78
Add support for OTS font sanitizer
- Announced
- December 9, 2010
- Reporter
- Marc Schoenefeld, Christoph Diehl
- Impact
- Critical
- Products
- Firefox, SeaMonkey, Thunderbird
- Fixed in
-
- Firefox 3.5.16
- Firefox 3.6.13
- SeaMonkey 2.0.11
- Thunderbird 3.0.11
- Thunderbird 3.1.7
Description
Mozilla added the OTS
font sanitizing library to prevent downloadable fonts from exposing
vulnerabilities in the underlying OS font code. This library mitigates
against several issues independently reported by Red Hat Security
Response Team member Marc Schoenefeld and Mozilla
security researcher Christoph Diehl.
References