• Security Center
  • Security Advisories
  • Known Vulnerabilities
  • Bug Bounty
  • Security Blog

You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-50

Mozilla Foundation Security Advisory 2012-50

Title: Out of bounds read in QCMS
Impact: Moderate
Announced: July 17, 2012
Reporter: Tony Payne
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 14
  Thunderbird 14
  SeaMonkey 2.11

Description

Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.

References

• Out of bounds read in qcms_transform_data_rgb_out_lut_sse2
• CVE-2012-1960