1.1 KiB
1.1 KiB
| announced | fixed_in | impact | reporter | title | ||||
|---|---|---|---|---|---|---|---|---|
| July 22, 2014 |
|
Critical | James Kitchener | Use-after-free in DirectWrite font handling |
Description
Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash.
This issue is limited to the Windows platform and does not affect OS X or Linux systems. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.