Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.
Max CVSS
5.0
EPSS Score
0.44%
Published
2015-01-14
Updated
2017-09-08
1 vulnerabilities found