Mozilla Foundation Security Advisory 2016-64

Buffer overflow rendering SVG with bidirectional content

Announced
August 2, 2016
Reporter
Atte Kettunen
Impact
High
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 48
  • Firefox ESR 45.3

Description

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics with directional content. This is caused by a flaw in directional-isolate processing and results in a potentially exploitable crash.

References