Security researcher Felix Gröbert of Google discovered an out of bounds read in the QCMS color management library while manipulating an image with specific attributes in its ICC V4 profile. This causes a crash and could lead to information disclosure. Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1132467 External References: https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/
Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Felix Gröbert of Google as the original reporter.
This issue was fixed in Firefox version 41.