CVE-2012-3966

Priority
Medium
Description
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allow remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a negative height value in a BMP image
within a .ICO file, related to (1) improper handling of the transparency
bitmask by the nsICODecoder component and (2) improper processing of the
alpha channel by the nsBMPDecoder component.
References
Package
Upstream:released (15.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (15.0+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (15.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (15.0+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2017-08-11 23:49:30 UTC (commit 13081)