Mozilla Foundation Security Advisory 2012-23
Invalid frees causes heap corruption in gfxImageSurface
- Announced: April 24, 2012
- Reporter: Atte Kettunen
- Impact: Critical
- Products: Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
- Fixed in:
  - Firefox 12
  - Firefox ESR 10.0.4
  - SeaMonkey 2.9
  - Thunderbird 12
  - Thunderbird ESR 10.0.4
Description
Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to a float error that results from graphics values being passed through different number systems.