Mozilla Foundation Security Advisory 2015-02

Uninitialized memory use during bitmap rendering

Announced

January 13, 2015

Reporter

Michal Zalewski

Impact

High

Products

Firefox, SeaMonkey

Fixed in

Firefox 35
SeaMonkey 2.32

Description

Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a <canvas> element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.

References

Apparent use of uninitialized memory when rendering BMPs on <canvas> (CVE-2014-8637)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2015-02

Uninitialized memory use during bitmap rendering

Description

References