Mozilla Firefox/SeaMonkey/Thunderbird graphics decoding information leakage Vulnerability

Release date:
Updated on:

Affected Systems:
Mozilla Firefox & lt; 10.0
Mozilla Thunderbird 9.0
Mozilla Thunderbird 8.0
Mozilla Thunderbird 7.0.1
Mozilla Thunderbird 7.0
Mozilla Thunderbird 6.0.2
Mozilla Thunderbird 6.0.1
Mozilla Thunderbird 6.0
Mozilla Thunderbird 5.0
Mozilla Thunderbird 6
Mozilla Thunderbird 6
Mozilla Thunderbird 5
Mozilla SeaMonkey 2.x
Unaffected system:
Mozilla Firefox 10.0.
Mozilla Thunderbird 10.0
Mozilla SeaMonkey 2.7
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51757
Cve id: CVE-2012-0447

Firefox is a very popular open-source WEB browser. Thunderbird is a mail client that supports IMAP, POP protocol, and HTML format. SeaMonkey is an open-source Web browser, mail and newsgroup client, IRC session client, and HTML editor.

Mozilla Firefox/Thunderbird/SeaMonkey In the decoded image/vnd. microsoft. icon, The result data is always fixed. The mImageBufferSize In the decoder is initialized with a value different from the source image size. There is an information leakage vulnerability in implementation, remote attackers can exploit this vulnerability to obtain sensitive information.

<* Source: Tim Abraldes

Link: http://www.mozilla.org/security/announce/2012/mfsa2012-06.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Mozilla
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.mozilla.org/security/