Published: 03/04/2013 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Mozilla Firefox prior to 20.0 and SeaMonkey prior to 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote malicious users to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 19.0.1
mozilla firefox
mozilla firefox 19.0
mozilla seamonkey 2.16
mozilla seamonkey 2.16.1
mozilla seamonkey
mozilla seamonkey 2.16.2
mozilla seamonkey 2.15
mozilla seamonkey 2.14
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0
mozilla seamonkey 2.11
mozilla seamonkey 2.13
mozilla seamonkey 2.12
mozilla seamonkey 2.1
mozilla seamonkey 2.3.1
mozilla seamonkey 2.3
mozilla seamonkey 2.2
mozilla seamonkey 2.17
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.5
mozilla seamonkey 2.10
mozilla seamonkey 2.12.1
mozilla seamonkey 2.4
mozilla seamonkey 2.4.1
mozilla seamonkey 2.9.1
mozilla seamonkey 2.9
mozilla seamonkey 2.5
mozilla seamonkey 2.6
mozilla seamonkey 2.6.1
mozilla seamonkey 2.15.1
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.10
mozilla seamonkey 2.10.1
mozilla seamonkey 2.0.9
mozilla seamonkey 2.13.2
mozilla seamonkey 2.3.3
mozilla seamonkey 2.3.2
mozilla seamonkey 2.8
mozilla seamonkey 2.15.2
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.7
mozilla seamonkey 2.13.1
mozilla seamonkey 2.7.1
mozilla seamonkey 2.7
mozilla seamonkey 2.7.2

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

This update provides a compatible version of Unity Firefox Extension for Firefox 20 ...

Mozilla Foundation Security Advisory 2013-39 Memory corruption while rendering grayscale PNG images Announced April 2, 2013 Reporter Tobias Schula Impact Moderate Products Firefox, SeaMonkey Fixed in ...

Mozilla Firefox before 200 and SeaMonkey before 217, when gfxcolor_managementenablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image ...

CWE-200 https://bugzilla.mozilla.org/show_bug.cgi?id=722831 http://www.mozilla.org/security/announce/2013/mfsa2013-39.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17021 https://nvd.nist.gov https://usn.ubuntu.com/1786-1/https://access.redhat.com/security/cve/cve-2013-0792

CVE-2013-0792

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect