Mozilla Foundation Security Advisory 2012-06

Uninitialized memory appended when encoding icon images may cause information disclosure

Announced

January 31, 2012

Reporter

Tim Abraldes

Impact

High

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 10
SeaMonkey 2.7
Thunderbird 10

Description

Mozilla developer Tim Abraldes reported that when encoding images as image/vnd.microsoft.icon the resulting data was always a fixed size, with uninitialized memory appended as padding beyond the size of the actual image. This is the result of mImageBufferSize in the encoder being initialized with a value different than the size of the source image. There is the possibility of sensitive data from uninitialized memory being appended to a PNG image when converted fron an ICO format image. This sensitive data may then be disclosed in the resulting image.

Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.

References

image/vnd.microsoft.icon output contains uninitialized bytes
CVE-2012-0447

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2012-06

Uninitialized memory appended when encoding icon images may cause information disclosure

Description

References