Security researcher Atte Kettunen used the Address Sanitizer tool to discover a buffer underflow during audio playback of a badly formatted MP3 audio files. Through memory allocation manipulation it may be possible to incorporate parts of Firefox memory into an MP3 stream accessible to scripts on the page.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.