Out of bounds read during WAV file decoding
- March 18, 2014
- Atte Kettunen
- Firefox, Firefox ESR, SeaMonkey, Thunderbird
- Fixed in
- Firefox 28
- Firefox ESR 24.4
- SeaMonkey 2.25
- Thunderbird 24.4
Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because audio is disabled, but is potentially a risk in browser or browser-like contexts.