Slashdot Mirror

← Back to Stories (view on slashdot.org)

MP3 Backend of Firefox and Thunderbird Found Vulnerable

Posted by samzenpus on Wednesday April 1, 2015 @08:01PM from the protect-ya-neck dept.

jones_supa writes A critical vulnerability has been found in the MPEG-1 Layer III playback backend of Mozilla Firefox and Thunderbird. Security researcher Aki Helin reported a use-after-free scenario when playing certain audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. A maliciously crafted MP3 file can lead to a potentially exploitable crash. Linux is the only affected platform, so Windows and OS X users are safe from this particular vulnerability.

3 of 60 comments (clear)

Min score:

Reason:

Sort:

Watch what you listen by hcs_$reboot · 2015-04-01 20:06 · Score: 5, Funny

a use-after-free scenario when playing certain audio files (...) can lead to a potentially exploitable crash
It has been reported that the crash always happen when playing J.Bieber stuff.

--
Slashdot, fix the reply notifications... You won't get away with it...
Re:DANGER WILL ROBINSON! by Anonymous Coward · 2015-04-01 20:29 · Score: 0, Funny

but, but, I know that Linux is always secure, I read it on /.
Re:A closed-source component is responsible for th by Anonymous Coward · 2015-04-01 23:12 · Score: 4, Funny

But only on an open source operating system, in an open source browser.
I guess the quality of software written for closed source operating systems and browsers is just better.