The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-63.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=500311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6443
Source: MITRE
Published: 2009-10-29
Updated: 2017-09-19
Type: NVD-CWE-Other
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
OR
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
67948 | Oracle Linux 4 / 5 : firefox (ELSA-2009-1530) | Nessus | Oracle Linux Local Security Checks | critical |
63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
49887 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6609) | Nessus | SuSE Local Security Checks | critical |
48157 | Mandriva Linux Security Advisory : firefox (MDVSA-2009:294) | Nessus | Mandriva Local Security Checks | critical |
42365 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6606) | Nessus | SuSE Local Security Checks | critical |
42363 | SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1488) | Nessus | SuSE Local Security Checks | critical |
42306 | Firefox 3.5.x < 3.5.4 Multiple Vulnerabilities | Nessus | Windows | high |
42298 | FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede) | Nessus | FreeBSD Local Security Checks | critical |
42295 | CentOS 4 : firefox (CESA-2009:1530) | Nessus | CentOS Local Security Checks | critical |
5218 | Mozilla Firefox < 3.0.15 / 3.5.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
42287 | RHEL 4 / 5 : firefox (RHSA-2009:1530) | Nessus | Red Hat Local Security Checks | critical |