Detections
Analytics
CVE-2012-1960
high
Description
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735
https://bugzilla.mozilla.org/show_bug.cgi?id=761014
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
http://www.ubuntu.com/usn/USN-1510-1
http://www.ubuntu.com/usn/USN-1509-2
http://www.ubuntu.com/usn/USN-1509-1
http://www.securitytracker.com/id?1027258
http://www.securitytracker.com/id?1027257
http://www.securitytracker.com/id?1027256
http://www.securityfocus.com/bid/54572
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://secunia.com/advisories/49994
http://secunia.com/advisories/49993
http://secunia.com/advisories/49972
http://secunia.com/advisories/49968
http://secunia.com/advisories/49965
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html