CVE-2012-1960 Information

Description

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
http://osvdb.org/84010
http://secunia.com/advisories/49965
http://secunia.com/advisories/49968
http://secunia.com/advisories/49972
http://secunia.com/advisories/49993
http://secunia.com/advisories/49994
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.securityfocus.com/bid/54572
http://www.securitytracker.com/id?1027256
http://www.securitytracker.com/id?1027257
http://www.securitytracker.com/id?1027258
http://www.ubuntu.com/usn/USN-1509-1
http://www.ubuntu.com/usn/USN-1509-2
http://www.ubuntu.com/usn/USN-1510-1
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=761014
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16735
