mozilla: denial of service [LWN.net]

Package(s):

iceweasel firefox thunderbird

CVE #(s):

CVE-2016-1523

Created:

February 15, 2016

Updated:

March 8, 2016

Description:

From the CVE entry:

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.

Alerts:

Gentoo	201701-63	graphite2	2017-01-24
Gentoo	201701-35	seamonkey	2017-01-13
Gentoo	201605-06	nss	2016-05-31
Fedora	FEDORA-2016-338a7e9925	graphite2	2016-05-10
Scientific Linux	SLSA-2016:0594-1	graphite2	2016-04-06
Oracle	ELSA-2016-0594	graphite2	2016-04-05
CentOS	CESA-2016:0594	graphite2	2016-04-05
Red Hat	RHSA-2016:0594-01	graphite2	2016-04-05
openSUSE	openSUSE-SU-2016:0875-1	graphite2	2016-03-24
openSUSE	openSUSE-SU-2016:0791-1	graphite2	2016-03-16
SUSE	SUSE-SU-2016:0779-1	graphite2	2016-03-15
Ubuntu	USN-2904-1	thunderbird	2016-03-08
SUSE	SUSE-SU-2016:0564-1	firefox	2016-02-24
Debian	DSA-3491-1	icedove	2016-02-24
SUSE	SUSE-SU-2016:0554-1	firefox	2016-02-24
Fedora	FEDORA-2016-4154a4d0ba	graphite2	2016-02-21
Arch Linux	ASA-201602-16	thunderbird	2016-02-21
Mageia	MGASA-2016-0078	thunderbird	2016-02-17
Mageia	MGASA-2016-0077	graphite2/firefox	2016-02-17
Ubuntu	USN-2902-1	graphite2	2016-02-17
Scientific Linux	SLSA-2016:0197-1	firefox	2016-02-16
Oracle	ELSA-2016-0197	firefox	2016-02-16
Oracle	ELSA-2016-0197	firefox	2016-02-16
Oracle	ELSA-2016-0197	firefox	2016-02-16
CentOS	CESA-2016:0197	firefox	2016-02-17
CentOS	CESA-2016:0197	firefox	2016-02-17
CentOS	CESA-2016:0197	firefox	2016-02-17
Debian	DSA-3479-1	graphite2	2016-02-15
Red Hat	RHSA-2016:0197-01	firefox	2016-02-16
Debian	DSA-3477-1	iceweasel	2016-02-14