CVE-2012-3966

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 15.0 Firefox ESR versions prior to 10.0.7 Thunderbird versions prior to 15.0 Thunderbird ESR versions prior to 10.0.7 SeaMonkey versions prior to 2.12

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This is achieved by using a negative height value in a BMP image within a .ICO file. The problem is related to improper handling of the transparency bitmask by the nsICODecoder component and improper processing of the alpha channel by the nsBMPDecoder component.

Recommendations For Mozilla Firefox versions prior to 15.0, update to version 15.0 or later. For Firefox ESR versions prior to 10.0.7, update to version 10.0.7 or later. For Thunderbird versions prior to 15.0, update to version 15.0 or later. For Thunderbird ESR versions prior to 10.0.7, update to version 10.0.7 or later. For SeaMonkey versions prior to 2.12, update to version 2.12 or later.