It was discovoered [1] that the Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context. In some situations, this could be abused to perform a Denial of Service attack (hang and/or resource exhaustion) on a Mumble client by causing it to load external files via the HTML. A fix for this issue has been released in Mumble 1.2.6. The fix is also available in the Mumble git repo as: e30d7acda6c04b667618ac86f49786cf966a08fb (on the v1.2.6 branch). [1]: http://mumble.info/security/Mumble-SA-2014-006.txt
mumble-1.2.6-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mumble-1.2.6-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.