Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1960

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1960
Last Modified 10 Oct 2014 12:51:46
Published 18 Jul 2012 06:26:48
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1960

Summary

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

Vulnerable Systems

Application

  • Mozilla Firefox 11.0

  • Mozilla Firefox 12.0

  • Mozilla Firefox 13.0

  • Mozilla Firefox 4.0

  • Mozilla Firefox 4.0.1

  • Mozilla Firefox 5.0

  • Mozilla Firefox 5.0.1

  • Mozilla Firefox 6.0

  • Mozilla Firefox 6.0.1

  • Mozilla Firefox 6.0.2

  • Mozilla Firefox 7.0

  • Mozilla Firefox 7.0.1

  • Mozilla Firefox 8.0

  • Mozilla Firefox 8.0.1

  • Mozilla Firefox 9.0

  • Mozilla Firefox 9.0.1

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.18

  • Mozilla Seamonkey 1.1.19

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Seamonkey 1.5.0.10

  • Mozilla Seamonkey 1.5.0.8

  • Mozilla Seamonkey 1.5.0.9

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.10

  • Mozilla Seamonkey 2.0.11

  • Mozilla Seamonkey 2.0.12

  • Mozilla Seamonkey 2.0.13

  • Mozilla Seamonkey 2.0.14

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4

  • Mozilla Seamonkey 2.0.5

  • Mozilla Seamonkey 2.0.6

  • Mozilla Seamonkey 2.0.7

  • Mozilla Seamonkey 2.0.8

  • Mozilla Seamonkey 2.0.9

  • Mozilla Seamonkey 2.1

  • Mozilla Seamonkey 2.10

  • Mozilla Thunderbird 10.0

  • Mozilla Thunderbird 10.0.1

  • Mozilla Thunderbird 10.0.2

  • Mozilla Thunderbird 10.0.3

  • Mozilla Thunderbird 10.0.4

  • Mozilla Thunderbird 11.0

  • Mozilla Thunderbird 12.0

  • Mozilla Thunderbird 13.0

  • Mozilla Thunderbird 5.0

  • Mozilla Thunderbird 6.0

  • Mozilla Thunderbird 6.0.1

  • Mozilla Thunderbird 6.0.2

  • Mozilla Thunderbird 7.0

  • Mozilla Thunderbird 7.0.1

  • Mozilla Thunderbird 8.0

  • Mozilla Thunderbird 9.0

  • Mozilla Thunderbird 9.0.1


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=761014

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-50.html

SUSE - openSUSE-SU-2012:0899

SUSE - openSUSE-SU-2012:0917

SUSE - SUSE-SU-2012:0896

SUSE - SUSE-SU-2012:0895

CONFIRM - http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

UBUNTU - USN-1509-2

UBUNTU - USN-1509-1

SECTRACK - 1027256

SECUNIA - 49972

SECUNIA - 49965

Related Patches

SUN145080-12 Solaris 10 SPARC: Firefox patch (Rev 2)

SUN145081-11 Solaris 10 x86: Firefox patch (Rev 2)

Novell SUSE 2012:6574 firefox-201207 security update for SLE 11 SP1 i586

Novell SUSE 2012:6574 firefox-201207 security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8226 firefox-201207 security update for SLE 10 SP4 i586

Novell SUSE 2012:8226 firefox-201207 security update for SLE 10 SP4 x86_64

Mozilla Firefox (en-us) 14.0.1 for Windows (Update) (See Notes)

Mozilla Firefox 14.0.1 for Mac OS X (Update) (See Note)


Last Updated: 27 May 2016 10:54:53