Mozilla Foundation Security Advisory 2008-29
Title: Faulty .properties file results in uninitialized memory being used
Impact: Low
Announced: July 1, 2008
Reporter: Daniel Glazman
Products: Firefox, SeaMonkey
Fixed in: Firefox 2.0.0.15
SeaMonkey 1.1.10
Description
Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data formerly used by other programs being exposed to the add-on code. If the localized string were made available to web content by the add-on this might leak sensitive data.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=397093
* CVE-2008-2807