PT-2012-3690 · Mozilla+1 · Thunderbird+3

Tony Payne

Published

2012-07-17

Updated

2024-12-12

CVE-2012-1960

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 13.0 Thunderbird versions 5.0 through 13.0 SeaMonkey versions prior to 2.11

Description The issue allows remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. This is related to the qcms transform data rgb out lut sse2 function in the QCMS implementation.

Recommendations For Mozilla Firefox versions 4.x through 13.0, update to a version later than 13.0 to resolve the issue. For Thunderbird versions 5.0 through 13.0, update to a version later than 13.0 to resolve the issue. For SeaMonkey versions prior to 2.11, update to version 2.11 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-1960

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

Affected Products

Firefox

Seamonkey

Suse

Thunderbird

PT-2012-3690 · Mozilla+1 · Thunderbird+3

CVE-2012-1960

Weakness Enumeration

Related Identifiers

Affected Products

References · 3100