You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2009-66

Mozilla Foundation Security Advisory 2009-66

Title: Memory safety fixes in liboggplay media library
Impact: Critical
Announced: December 15, 2009
Reporter: Mozilla community and developers
Products: Firefox 3.5, SeaMonkey 2.0, Thunderbird 3.0

Fixed in: Firefox 3.5.6
  SeaMonkey 2.0.1
  Thunderbird 3.0.1

Description

Mozilla discovered several bugs in liboggplay which posed potential memory safety issues. The bugs which were fixed could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer.

Audio and Video capabilities were added to the Mozilla browser engine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these products were not affected.

References

David Keeler and Bob Clary reported crashes in liboggplay.