Security researcher Francisco Alonso of the NowSecure Research Team used the
Address Sanitizer tool to discover an out-of-bounds read issue during 2D canvas
rendering. This was due to an issue in the cairo graphics library when surfaces
are created with 32-bit color depth but displayed on a 16-bit color depth
system, which is unsupported. This allows an attacker to read an amount of
random memory following the heap for the 16-bit surface leading to information
This issue is specific to Linux in certain configurations and does not
affect Windows or OS X systems.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francisco Alonso of the NowSecure Research Team as the original reporter.
This issue was fixed in Firefox version 41.