Release date: 2011-12-20
Updated on: 2011-12-21
Affected Systems:
Mozilla Firefox 8.0.1
Mozilla Firefox 8.0.
Mozilla Firefox 7.x
Mozilla Firefox 5.x
Mozilla Firefox 4.x
Mozilla Firefox 3.x
Mozilla Thunderbird 3.x
Mozilla SeaMonkey 2.x
Unaffected system:
Mozilla Firefox 9.0.
Mozilla Thunderbird 9.0
Mozilla SeaMonkey 2.6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51134
Cve id: CVE-2011-3665
Firefox is a very popular open-source WEB browser. Thunderbird is a mail client that supports IMAP, POP protocol, and HTML format. SeaMonkey is an open-source Web browser, mail and newsgroup client, IRC session client, and HTML editor.
Mozilla Firefox/Thunderbird/SeaMonkey has a denial of service vulnerability in the implementation of OGG <video> element scaling. Attackers can exploit this vulnerability to cause application crashes and DOS, arbitrary Code may be executed. This vulnerability does not affect Firefox 3.6.
<* Source: Mariusz Mlynsky
Sczimmer
Link: http://secunia.com/advisories/47302/
Http://www.mozilla.org/security/announce/2011/mfsa2011-58.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mozilla
-------
Mozilla has released a Security Bulletin (mfsa2011-58) and patches for this:
Mfsa2011-58: Mozilla Foundation Security Advisory 2011-58
Link: http://www.mozilla.org/security/announce/2011/mfsa2011-58.html