John Daggett

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 **Description** The issue is caused by a buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function. This could allow a remote attacker to cause a denial of service or possibly have other unspecified impacts by using a specially crafted font-family name. The `DirectWriteFontInfo::LoadFontFamilyData` function in `gfx/thebes/gfxDWriteFontList.cpp` is the vulnerable component. **Recommendations** For versions prior to 43.0, update to version 43.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `DirectWriteFontInfo::LoadFontFamilyData` function until a patch is available. Avoid using specially crafted font-family names in the affected function to minimize the risk of exploitation.