Tony Payne

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 4.x through 13.0 Thunderbird versions 5.0 through 13.0 SeaMonkey versions prior to 2.11 **Description** The issue allows remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. This is related to the `qcms transform data rgb out lut sse2` function in the QCMS implementation. **Recommendations** For Mozilla Firefox versions 4.x through 13.0, update to a version later than 13.0 to resolve the issue. For Thunderbird versions 5.0 through 13.0, update to a version later than 13.0 to resolve the issue. For SeaMonkey versions prior to 2.11, update to version 2.11 or later to resolve the issue.