Mozilla Foundation Security Advisory 2015-20

Buffer overflow during CSS restyling

Announced

February 24, 2015

Reporter

Atte Kettunen

Impact

High

Products

Firefox, SeaMonkey

Fixed in

Firefox 36
SeaMonkey 2.33

Description

Security researcher Atte Kettunen used the Address Sanitizer tool to discover an out-of-bounds read during the application of restyling and reflowing changes of web content using CSS. This results in a potentially exploitable crash.

References

Heap-buffer-overflow in nsTransformedTextRun::SetCapitalization (CVE-2015-0826)

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising