Mozilla Foundation Security Advisory 2010-78
Title: Add support for OTS font sanitizer
Impact: Critical
Announced: December 9, 2010
Reporter: Marc Schoenefeld, Christoph Diehl
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 3.6.13
Firefox 3.5.16
Thunderbird 3.1.7
Thunderbird 3.0.11
SeaMonkey 2.0.11
Description
Mozilla added the OTS font sanitizing library to prevent downloadable fonts from exposing vulnerabilities in the underlying OS font code. This library mitigates against several issues independently reported by Red Hat Security Response Team member Marc Schoenefeld and Mozilla security researcher Christoph Diehl.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=527276
* CVE-2010-3768