Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3388 to the following vulnerability: Name: CVE-2009-3388 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388 Assigned: 20090924 Reference: CONFIRM: http://www.mozilla.org/security/announce/2009/mfsa2009-66.html Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=504843 Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=523816 Reference: BID:37349 Reference: URL: http://www.securityfocus.com/bid/37349 Reference: BID:37369 Reference: URL: http://www.securityfocus.com/bid/37369 Reference: SECTRACK:1023335 Reference: URL: http://securitytracker.com/id?1023335 Reference: SECTRACK:1023336 Reference: URL: http://securitytracker.com/id?1023336 Reference: SECUNIA:37699 Reference: URL: http://secunia.com/advisories/37699 Reference: SECUNIA:37785 Reference: URL: http://secunia.com/advisories/37785 Reference: VUPEN:ADV-2009-3547 Reference: URL: http://www.vupen.com/english/advisories/2009/3547 Reference: XF:mozilla-liboggplay-code-execution(54804) Reference: URL: http://xforce.iss.net/xforce/xfdb/54804 liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
liboggplay is not shipped as separate package in Red Hat Enterprise Linux or Fedora. It is included in mozilla packages and the issue was resolved in affected Fedora versions via Firefox updates to 3.5.6.