製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Mozilla 製品の QCMS の実装におけるプロセスメモリから重要な情報を取得される脆弱性

タイトル	複数の Mozilla 製品の QCMS の実装におけるプロセスメモリから重要な情報を取得される脆弱性
概要	複数の Mozilla 製品で QCMS を実装している qcms_transform_data_rgb_out_lut_sse2 関数には、プロセスメモリから重要な情報を取得される脆弱性が存在します。
想定される影響	第三者により、領域外のメモリー参照を誘発する巧妙に細工されたカラープロファイルを介して、プロセスメモリから重要な情報を取得される可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2012年7月17日0:00
登録日	2012年7月19日15:47
最終更新日	2013年6月7日18:30

CVSS2.0 : 警告
スコア	5
ベクター	AV:N/AC:L/Au:N/C:P/I:N/A:N

影響を受けるシステム

Mozilla Foundation

Mozilla Firefox 14 未満

Mozilla SeaMonkey 2.11 未満

Mozilla Thunderbird 14 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1960	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960
National Vulnerability Database (NVD)
2	CVE-2012-1960	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1960

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	名前	URL
Mozilla Foundation
1	Bug 761014	https://bugzilla.mozilla.org/show_bug.cgi?id=761014
Mozilla Foundation Security Advisory
2	MFSA2012-50	http://www.mozilla.org/security/announce/2012/mfsa2012-50.html
Mozilla Foundation セキュリティアドバイザリ
3	MFSA2012-50	http://www.mozilla-japan.org/security/announce/2012/mfsa2012-50.html
opensuse-security-announce
4	openSUSE-SU-2012:0899	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
5	openSUSE-SU-2012:0917	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
6	SUSE-SU-2012:0895	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
7	SUSE-SU-2012:0896	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
SECURITY BLOG
8	Multiple vulnerabilities in Firefox	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox
Xerox Security Bulletin
9	XRX13-003	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

変更履歴

No	変更内容	変更日
0	[2012年07月19日] 掲載 [2012年11月20日] ベンダ情報：openSUSE (openSUSE-SU-2012:0899) を追加ベンダ情報：openSUSE (openSUSE-SU-2012:0917) を追加ベンダ情報：Mozilla Foundation (Bug 761014) を追加 [2012年12月14日] ベンダ情報：オラクル (Multiple vulnerabilities in Firefox) を追加 [2013年06月07日] ベンダ情報：Xerox (XRX13-003) を追加ベンダ情報：openSUSE (SUSE-SU-2012:0895) を追加ベンダ情報：openSUSE (SUSE-SU-2012:0896) を追加	2018年2月17日10:37

NVD脆弱性情報

CVE-2012-1960

概要	The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.
公表日	2012年7月18日19:26
登録日	2021年1月28日14:56
最終更新日	2024年11月21日10:38

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
cpe:2.3:a:mozilla:firefox:8.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
cpe:2.3:a:mozilla:firefox:5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:5.0:::::::*
cpe:2.3:a:mozilla:firefox:7.0:::::::*
cpe:2.3:a:mozilla:firefox:6.0.2:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
cpe:2.3:a:mozilla:firefox:13.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
cpe:2.3:a:mozilla:firefox:12.0:beta6::::::
cpe:2.3:a:mozilla:firefox:6.0.1:::::::*
cpe:2.3:a:mozilla:firefox:4.0:::::::*
cpe:2.3:a:mozilla:firefox:11.0:::::::*
cpe:2.3:a:mozilla:firefox:6.0:::::::*
cpe:2.3:a:mozilla:firefox:7.0.1:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
cpe:2.3:a:mozilla:firefox:12.0:::::::*
cpe:2.3:a:mozilla:firefox:8.0.1:::::::*
cpe:2.3:a:mozilla:firefox:9.0.1:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta7::::::
cpe:2.3:a:mozilla:firefox:9.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0.1:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:mozilla:thunderbird:10.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:7.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:13.0:::::::*
cpe:2.3:a:mozilla:thunderbird:6.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:5.0:::::::*
cpe:2.3:a:mozilla:thunderbird:6.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:8.0:::::::*
cpe:2.3:a:mozilla:thunderbird:7.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:11.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:12.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:9.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:9.0:::::::*
cpe:2.3:a:mozilla:thunderbird:6.0:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:a:mozilla:seamonkey:2.0.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha2::::::
cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.12:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.11:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		2.10
cpe:2.3:a:mozilla:seamonkey:2.1:rc1::::::
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha1::::::
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.14:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
cpe:2.3:a:mozilla:seamonkey:2.1:rc2::::::
cpe:2.3:a:mozilla:seamonkey:1.1.19:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.18:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
cpe:2.3:a:mozilla:firefox:8.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
cpe:2.3:a:mozilla:firefox:5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:5.0:::::::*
cpe:2.3:a:mozilla:firefox:7.0:::::::*
cpe:2.3:a:mozilla:firefox:6.0.2:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
cpe:2.3:a:mozilla:firefox:13.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
cpe:2.3:a:mozilla:firefox:12.0:beta6::::::
cpe:2.3:a:mozilla:firefox:6.0.1:::::::*
cpe:2.3:a:mozilla:firefox:4.0:::::::*
cpe:2.3:a:mozilla:firefox:11.0:::::::*
cpe:2.3:a:mozilla:firefox:6.0:::::::*
cpe:2.3:a:mozilla:firefox:7.0.1:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
cpe:2.3:a:mozilla:firefox:12.0:::::::*
cpe:2.3:a:mozilla:firefox:8.0.1:::::::*
cpe:2.3:a:mozilla:firefox:9.0.1:::::::*
cpe:2.3:a:mozilla:firefox:4.0:beta7::::::
cpe:2.3:a:mozilla:firefox:9.0:::::::*
cpe:2.3:a:mozilla:firefox:4.0.1:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:mozilla:thunderbird:10.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:7.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:13.0:::::::*
cpe:2.3:a:mozilla:thunderbird:6.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:5.0:::::::*
cpe:2.3:a:mozilla:thunderbird:6.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:8.0:::::::*
cpe:2.3:a:mozilla:thunderbird:7.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:11.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:12.0:::::::*
cpe:2.3:a:mozilla:thunderbird:10.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:9.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:9.0:::::::*
cpe:2.3:a:mozilla:thunderbird:6.0:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:a:mozilla:seamonkey:2.0.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha2::::::
cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.12:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.11:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		2.10
cpe:2.3:a:mozilla:seamonkey:2.1:rc1::::::
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha1::::::
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.14:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
cpe:2.3:a:mozilla:seamonkey:2.1:rc2::::::
cpe:2.3:a:mozilla:seamonkey:1.1.19:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.18:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
2	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
3	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
4	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
5	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
6	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
7	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
8	http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
9	http://osvdb.org/84010
10	http://osvdb.org/84010
11	http://secunia.com/advisories/49965
12	http://secunia.com/advisories/49965
13	http://secunia.com/advisories/49968
14	http://secunia.com/advisories/49968
15	http://secunia.com/advisories/49972
16	http://secunia.com/advisories/49972
17	http://secunia.com/advisories/49993
18	http://secunia.com/advisories/49993
19	http://secunia.com/advisories/49994
20	http://secunia.com/advisories/49994
21	http://www.mozilla.org/security/announce/2012/mfsa2012-50.html	Vendor Advisory
22	http://www.mozilla.org/security/announce/2012/mfsa2012-50.html	Vendor Advisory
23	http://www.securityfocus.com/bid/54572
24	http://www.securityfocus.com/bid/54572
25	http://www.securitytracker.com/id?1027256
26	http://www.securitytracker.com/id?1027256
27	http://www.securitytracker.com/id?1027257
28	http://www.securitytracker.com/id?1027257
29	http://www.securitytracker.com/id?1027258
30	http://www.securitytracker.com/id?1027258
31	http://www.ubuntu.com/usn/USN-1509-1
32	http://www.ubuntu.com/usn/USN-1509-1
33	http://www.ubuntu.com/usn/USN-1509-2
34	http://www.ubuntu.com/usn/USN-1509-2
35	http://www.ubuntu.com/usn/USN-1510-1
36	http://www.ubuntu.com/usn/USN-1510-1
37	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
38	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
39	https://bugzilla.mozilla.org/show_bug.cgi?id=761014
40	https://bugzilla.mozilla.org/show_bug.cgi?id=761014
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735
42	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16735