CVE-2012-1960 - Styleless Parenthesis
Description
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=761014
http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
http://www.ubuntu.com/usn/USN-1509-2
http://www.securitytracker.com/id?1027256
http://secunia.com/advisories/49965
http://secunia.com/advisories/49972
http://www.ubuntu.com/usn/USN-1509-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735
http://www.ubuntu.com/usn/USN-1510-1
http://www.securitytracker.com/id?1027258
http://www.securitytracker.com/id?1027257
http://www.securityfocus.com/bid/54572
http://secunia.com/advisories/49994
http://secunia.com/advisories/49993
http://secunia.com/advisories/49968
http://osvdb.org/84010