Google developer Tony Payne reported an out-of-bounds (OOB) read in QCMS, Mozilla's color management library. With a carefully crafted color profile, portions of a user's memory could be incorporated into a transformed image and possibly deciphered.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google developer Tony Payne as the original reporter of this issue.
Not Vulnerable. This issue does not affect the versions of the Firefox and Thunderbird packages as shipped with Red Hat Enterprise Linux 5 and 6.