Google developer Tony Payne reported an out-of-bounds (OOB) read in QCMS, Mozilla's color management library. With a carefully crafted color profile, portions of a user's memory could be incorporated into a transformed image and possibly deciphered.

Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-50.html

Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google developer Tony Payne as the original reporter of this issue.

Statement: Not Vulnerable. This issue does not affect the versions of the Firefox and Thunderbird packages as shipped with Red Hat Enterprise Linux 5 and 6.