Endpoint Vulnerability

Uninitialized memory use during bitmap rendering

Description

Google security researcher Michal Zalewski reported that when a malformed bitmap image is rendered by the bitmap decoder within a element, memory may not always be properly initialized. The resulting image then uses this uninitialized memory during rendering, allowing data to potentially leak to web content.

Affected Products

Firefox

References

CVE-2014-8637,