Red Hat Bugzilla – Bug 994337
CVE-2013-1708 Mozilla: Crash during WAV audio file decoding (MFSA 2013-67)
Last modified: 2013-08-07 01:30:20 EDT
Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties.
In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6