CVE-2012-1960 — Sensitive Information Exposure in Mozilla Seamonkey

CWE-200 — Sensitive Information Exposure CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 32.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 18

Latest updateMay 14

Description

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/seamonkey2.10+49

▶NVDmozilla/firefox16 versions+15

▶NVDmozilla/thunderbird17 versions+16

🔴Vulnerability Details

GHSA

GHSA-6mxc-p6wr-x8pc: The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4↗2022-05-14

▶

CVEList

CVE-2012-1960: The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4↗2012-07-18

▶

📋Vendor Advisories

Ubuntu

ubufox update↗2012-07-18

▶

Ubuntu

Firefox vulnerabilities↗2012-07-17

▶

Ubuntu

Thunderbird vulnerabilities↗2012-07-17

▶

Red Hat

Mozilla: Out of bounds read in QCMS (MFSA 2012-50)↗2012-07-17

▶

💬Community

Bugzilla

CVE-2012-1960 Mozilla: Out of bounds read in QCMS (MFSA 2012-50)↗2012-07-14

▶