Mozilla Foundation Security Advisory 2009-66
Memory safety fixes in liboggplay media library
- December 15, 2009
- Mozilla community and developers
- Firefox, SeaMonkey, Thunderbird
- Fixed in
- Firefox 3.5.6
- SeaMonkey 2.0.1
- Thunderbird 3.0.1
Mozilla discovered several bugs in liboggplay which posed potential memory safety issues. The bugs which were fixed could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer.
Audio and Video capabilities were added to the Mozilla browser engine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these products were not affected.
David Keeler and Bob Clary reported crashes in liboggplay.