Endpoint Vulnerability

Out-of-bounds read during XML parsing in Expat library

Description

Security researcher Gustavo Grieco reported a potential out-of-bounds read parsing malformed XML data during character conversion. This is due to a bug in the Expat library, which is used in Firefox. This could allow an attacker to read other inaccessible memory.

Affected Products

Firefox

References

CVE-2016-0718,