Description

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

References

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html

http://secunia.com/advisories/48043

http://secunia.com/advisories/48095

http://www.debian.org/security/2012/dsa-2400

http://www.debian.org/security/2012/dsa-2402

http://www.debian.org/security/2012/dsa-2406

http://www.mandriva.com/security/advisories?name=MDVSA-2012:013

http://www.mozilla.org/security/announce/2012/mfsa2012-07.html

http://www.securityfocus.com/bid/51753

http://www.ubuntu.com/usn/USN-1370-1

https://bugzilla.mozilla.org/show_bug.cgi?id=719612

https://exchange.xforce.ibmcloud.com/vulnerabilities/72858

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464

Details

Risk Information

CVSS v2