CVE-2014-8637 Information

Description

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://secunia.com/advisories/62242 http://secunia.com/advisories/62250 http://secunia.com/advisories/62253 http://secunia.com/advisories/62316 http://secunia.com/advisories/62418 http://secunia.com/advisories/62446 http://secunia.com/advisories/62790 http://www.mozilla.org/security/announce/2014/mfsa2015-02.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72048 http://www.securitytracker.com/id/1031533 https://bugzilla.mozilla.org/show_bug.cgi?id=1094536 https://exchange.xforce.ibmcloud.com/vulnerabilities/99957 https://security.gentoo.org/glsa/201504-01