Groebert

#20243 of 53,622
12.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2015-2166
6.4
2015-09-22
Mozilla · Qcms · CVE-2015-4504
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 41.0

**Description**
The issue is caused by a buffer overflow in the lut_inverse_interp16 function of the QCMS library. This can be exploited by a remote attacker using a specially crafted image, potentially allowing access to sensitive information or causing a denial of service, including a buffer over-read and application crash.

**Recommendations**
For versions prior to 41.0, update to version 41.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of images with manipulated ICC 4 profiles until the update is applied.

PT-2015-1041
6.4
2015-03-31
Mozilla · Firefox · CVE-2015-0811
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 37.0

**Description**
The issue concerns the QCMS implementation in Mozilla Firefox, which allows a remote attacker to obtain sensitive information from the process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.

**Recommendations**
For versions prior to 37.0, update to version 37.0 or later to resolve the issue.