[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-1960Date: (C)2012-07-18   (M)2024-03-27


The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1027256
SECTRACK-1027257
SECTRACK-1027258
SECUNIA-49965
SECUNIA-49968
SECUNIA-49972
SECUNIA-49993
SECUNIA-49994
BID-54572
OSVDB-84010
SUSE-SU-2012:0895
SUSE-SU-2012:0896
USN-1509-1
USN-1509-2
USN-1510-1
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=761014
openSUSE-SU-2012:0899
openSUSE-SU-2012:0917
oval:org.mitre.oval:def:16735

CPE    115
cpe:/a:mozilla:thunderbird:11.0
cpe:/a:mozilla:firefox:7.0.1
cpe:/a:mozilla:seamonkey:1.5.0.8
cpe:/a:mozilla:seamonkey:1.5.0.9
...
CWE    1
CWE-200
OVAL    14
oval:org.secpod.oval:def:400420
oval:org.secpod.oval:def:400389
oval:org.secpod.oval:def:400407
oval:org.secpod.oval:def:700940
...

© SecPod Technologies