Uninitialized memory use during bitmap rendering

ID MFSA2015-02
Type mozilla
Reporter Mozilla Foundation
Modified 2015-01-13T00:00:00


Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a <canvas> element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.