Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2013-67

Crash during WAV audio file decoding

Announced
August 6, 2013
Reporter
Aki Helin
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 23
  • SeaMonkey 2.20

Description

Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties.

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

References