Mozilla Foundation Security Advisory 2012-50
Title: Out of bounds read in QCMS
Announced: July 17, 2012
Reporter: Tony Payne
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 14
Google developer Tony Payne reported an out-of-bounds (OOB) read in QCMS, Mozilla’s color management library. With a carefully crafted color profile, portions of a user's memory could be incorporated into a transformed image and possibly deciphered.