Mozilla Foundation Security Advisory 2014-17

Out of bounds read during WAV file decoding

Announced
March 18, 2014
Reporter
Atte Kettunen
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 28
  • Firefox ESR 24.4
  • SeaMonkey 2.25
  • Thunderbird 24.4

Description

Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash.

In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because audio is disabled, but is potentially a risk in browser or browser-like contexts.

References