You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2012-50

Mozilla Foundation Security Advisory 2012-50

Title: Out of bounds read in QCMS
Impact: Moderate
Announced: July 17, 2012
Reporter: Tony Payne
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 14
  Thunderbird 14
  SeaMonkey 2.11


Google developer Tony Payne reported an out of bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.