A memory corruption flaw was found in the way Firefox parsed Ogg Vorbis files. A malicious Ogg Vorbis file could cause Firefox to crash or execute arbitrary code with the permissions of the user running Firefox. Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=719612
Public now via: http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
External References: http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
Via RHSA-2012:0079 https://rhn.redhat.com/errata/RHSA-2012-0079.html
The following upstream patch fixes this issue: https://hg.mozilla.org/releases/mozilla-1.9.2/rev/952491790dee
This issue has also been addressed upstream in libvorbis via the following commit: https://trac.xiph.org/changeset/18151
Created libvorbis tracking bugs for this issue
Affects: fedora-all [bug 790653]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 4
Via RHSA-2012:0136 https://rhn.redhat.com/errata/RHSA-2012-0136.html