Mozilla Foundation Security Advisory 2014-41

Out-of-bounds write in Cairo

Announced

April 29, 2014

Reporter

Jukka Jylänki

Impact

High

Products

Firefox, SeaMonkey

Fixed in

Firefox 29
SeaMonkey 2.26

Description

Security researcher Jukka Jylänki reported a crash in the the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentially exploitable crash.

This issue only affects Firefox 28 and Seamonkey 2.25 on Windows. Earlier versions of both products and installations on Linux and OS X were unaffected

References

crash in sse2_composite_src_x888_8888 (CVE-2014-1528)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2014-41

Out-of-bounds write in Cairo

Description

References