Mozilla Foundation Security Advisory 2015-20

Buffer overflow during CSS restyling

Announced

February 24, 2015

Reporter

Atte Kettunen

Impact

High

Products

Firefox, SeaMonkey

Fixed in

• Firefox 36
• SeaMonkey 2.33

Description

Security researcher Atte Kettunen used the Address Sanitizer tool to discover an out-of-bounds read during the application of restyling and reflowing changes of web content using CSS. This results in a potentially exploitable crash.

References

• Heap-buffer-overflow in nsTransformedTextRun::SetCapitalization (CVE-2015-0826)