Mozilla Foundation Security Advisory 2012-07
Title: Potential Memory Corruption When Decoding Ogg Vorbis files
Impact: Critical
Announced: January 31, 2012
Reporter: regenrecht
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 10.0
Firefox 3.6.26
Thunderbird 10.0
Thunderbird 3.1.18
SeaMonkey 2.7
Description
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.
References
uninitialized nsChildView
CVE-2012-0444