Mozilla Foundation Security Advisory 2008-29

Faulty .properties file results in uninitialized memory being used

Announced

July 1, 2008

Reporter

Daniel Glazman

Impact

Low

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 2.0.0.15
SeaMonkey 1.1.10
Thunderbird 2.0.0.16

Description

Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data formerly used by other programs being exposed to the add-on code. If the localized string were made available to web content by the add-on this might leak sensitive data.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=397093
CVE-2008-2807

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2008-29

Faulty .properties file results in uninitialized memory being used

Description

References