Mozilla Foundation Security Advisory 2016-30
Buffer overflow in Brotli decompression
- Announced
- March 8, 2016
- Reporter
- Luke Li
- Impact
- High
- Products
- Firefox
- Fixed in
-
- Firefox 45
Description
Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.