CVE-2015-0813 Information

Description

Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0 Firefox ESR 31.x before 31.6 and Thunderbird before 31.6 on Linux when the Fluendo MP3 plugin for GStreamer is used allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-0766.html http://rhn.redhat.com/errata/RHSA-2015-0771.html http://www.debian.org/security/2015/dsa-3211 http://www.debian.org/security/2015/dsa-3212 http://www.mozilla.org/security/announce/2015/mfsa2015-31.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/73463 http://www.securitytracker.com/id/1031996 http://www.securitytracker.com/id/1032000 http://www.ubuntu.com/usn/USN-2550-1 http://www.ubuntu.com/usn/USN-2552-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1106596 https://security.gentoo.org/glsa/201512-10