Memory corruption in libjar through zip files

2015-11-03T00:00:00
ID MFSA2015-128
Type mozilla
Reporter Mozilla Foundation
Modified 2015-11-03T00:00:00

Description

Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.