CVE-2012-3966

Priority
Description
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allow remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a negative height value in a BMP image
within a .ICO file, related to (1) improper handling of the transparency
bitmask by the nsICODecoder component and (2) improper processing of the
alpha channel by the nsBMPDecoder component.
Notes
Package
Upstream:released (15.0)
Package
Upstream:needs-triage
Package
Upstream:released (15.0)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-03-18 22:10:02 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)