Mozilla Foundation Security Advisory 2013-116

JPEG information leak

Announced

December 10, 2013

Reporter

Michal Zalewski

Impact

High

Products

Firefox, Firefox ESR, SeaMonkey, Thunderbird

Fixed in

Firefox 26
Firefox ESR 24.2
SeaMonkey 2.23
Thunderbird 24.2

Description

Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define Huffman Table (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft.

References

JPEG info leak
- (CVE-2013-6629)
- (CVE-2013-6630)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2013-116

JPEG information leak

Description

References