CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
77.6%
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS
implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through
13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain
sensitive information from process memory via a crafted color profile that
triggers an out-of-bounds read operation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 14.0.1+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 14.0.1+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | firefox | < 14.0.1+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | firefox | < 14.0.1+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 14.0+build1-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | < 14.0+build1-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | thunderbird | < 14.0+build1-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 14.0+build1-0ubuntu0.12.04.1 | UNKNOWN |