CVE-2012-3966

Priority
Description
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12
allow remote attackers to execute arbitrary code or cause a denial of
service (memory corruption) via a negative height value in a BMP image
within a .ICO file, related to (1) improper handling of the transparency
bitmask by the nsICODecoder component and (2) improper processing of the
alpha channel by the nsBMPDecoder component.
Notes
Package
Upstream:released (15.0)
Package
Upstream:needs-triage
Package
Upstream:released (15.0)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 20:59:51 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)