Home > Vulnerability Database > CVE-2012-1960

Mend.io Vulnerability Database

CVE-2012-1960

Date: July 18, 2012

The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.

Severity Score

4.0

Related Resources (24)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735

Url: http://www.ubuntu.com/usn/USN-1510-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-1960

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-50.html

Url: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html

Url: http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1960

Url: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html

Url: http://osvdb.org/84010

Url: http://secunia.com/advisories/49968

Url: http://www.securityfocus.com/bid/54572

Url: http://www.ubuntu.com/usn/USN-1509-1

Url: http://www.ubuntu.com/usn/USN-1509-2

Url: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html

Url: http://www.securitytracker.com/id?1027257

Url: http://www.securitytracker.com/id?1027256

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=761014

Url: http://secunia.com/advisories/49993

Url: http://www.securitytracker.com/id?1027258

Url: http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html

Url: http://secunia.com/advisories/49994

Url: http://secunia.com/advisories/49972

Url: http://secunia.com/advisories/49965

Url: https://www.mend.io/vulnerability-database/CVE-2012-1960

Severity Score

4.0

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-1960

Date: July 18, 2012

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?