Buffer overflow during image interactions in canvas

ID MFSA2015-123
Type mozilla
Reporter Mozilla Foundation
Modified 2015-11-03T00:00:00


Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.