Mozilla Foundation Security Advisory 2012-64

Graphite 2 memory corruption

Announced

August 28, 2012

Reporter

Christoph Diehl

Impact

High

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 15
SeaMonkey 2.12
Thunderbird 15

Description

Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products.

References

Graphite 2 crash [@graphite2::Silf::readClassMap]
Graphite 2 crash [@graphite2::Pass::readPass]
CVE-2012-3971

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2012-64

Graphite 2 memory corruption

Description

References