Mozilla Foundation Security Advisory 2014-41

Out-of-bounds write in Cairo

Announced
April 29, 2014
Reporter
Jukka Jylänki
Impact
High
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 29
  • SeaMonkey 2.26

Description

Security researcher Jukka Jylänki reported a crash in the Cairo graphics library. The crash occurs when Cairo's compositing function paints outside the bounds of the destination buffer while working with canvas in certain circumstances. This issue allows malicious web content to cause a potentially exploitable crash.

This issue only affects Firefox 28 and SeaMonkey 2.25 on Windows. Earlier versions of both products and installations on Linux and OS X were unaffected.

References