Mozilla Foundation Security Advisory 2013-39

Memory corruption while rendering grayscale PNG images

Announced

April 2, 2013

Reporter

Tobias Schula

Impact

Moderate

Products

Firefox, SeaMonkey

Fixed in

Firefox 20
SeaMonkey 2.17

Description

Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled.

References

some grayscale PNG images display improperly when "gfx.color_management.enablev4" is enabled (CVE-2013-0792)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2013-39

Memory corruption while rendering grayscale PNG images

Description

References