MP3 Backend of Firefox and Thunderbird Found Vulnerable
jones_supa writes A critical vulnerability has been found in the MPEG-1 Layer III playback backend of Mozilla Firefox and Thunderbird. Security researcher Aki Helin reported a use-after-free scenario when playing certain audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. A maliciously crafted MP3 file can lead to a potentially exploitable crash. Linux is the only affected platform, so Windows and OS X users are safe from this particular vulnerability.
a use-after-free scenario when playing certain audio files (...) can lead to a potentially exploitable crash
It has been reported that the crash always happen when playing J.Bieber stuff.
Slashdot, fix the reply notifications... You won't get away with it...
But only on an open source operating system, in an open source browser.
I guess the quality of software written for closed source operating systems and browsers is just better.