Red Hat Bugzilla – Bug 851923
CVE-2012-3971 Mozilla: Graphite 2 memory corruption (MFSA 2012-64)
Last modified: 2012-08-28 23:05:50 EDT
Using the Address Sanitizer tool, Mozilla security researcher Christoph Diehl discovered two memory corruption issues involving the Graphite 2 library used in Mozilla products. Both of these issues can cause a potentially exploitable crash. These problems were fixed in the Graphite 2 library, which has been updated for Mozilla products.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Christoph Diehl as the original reporter of this flaw.
This issue does not affect the version of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 5 and 6.