Mozilla » Firefox Esr : Security Vulnerabilities, CVEs, Published In 2016 (Information Leak) CVSS score >= 8
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
Max CVSS
8.1
EPSS Score
2.99%
Published
2016-02-13
Updated
2018-01-05
1 vulnerabilities found