CVE-2012-1960

medium

Description

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735

https://bugzilla.mozilla.org/show_bug.cgi?id=761014

http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

http://www.ubuntu.com/usn/USN-1510-1

http://www.ubuntu.com/usn/USN-1509-2

http://www.ubuntu.com/usn/USN-1509-1

http://www.securitytracker.com/id?1027258

http://www.securitytracker.com/id?1027257

http://www.securitytracker.com/id?1027256

http://www.securityfocus.com/bid/54572

http://www.mozilla.org/security/announce/2012/mfsa2012-50.html

http://secunia.com/advisories/49994

http://secunia.com/advisories/49993

http://secunia.com/advisories/49972

http://secunia.com/advisories/49968

http://secunia.com/advisories/49965

http://osvdb.org/84010

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html

Details

Source: Mitre, NVD

Published: 2012-07-18

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00542