<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2992" target="_blank">CVE</a>)</em> : The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Upgrade Firefox to version 6 or higher, Thunderbird to version 6 or higher, and SeaMonkey to version 2.3 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• OVAL ID: 14209
• CVE ID: 2011-2992 (see also: NVD)
• Secunia Advisory ID: 45581 45667 45785 45802 45808 49055
• Related OSVDB ID: 74581 74582 74583 74584 74585 74586 74587 74588 74589 74590 74591 74592 74593 74594 74596
• Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
• Vendor Specific Advisory URL: http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
  http://www.suse.com/support/security/advisories/2011_37_firefox.html
• Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-updates/2011-08/msg00043.html
  http://lists.opensuse.org/opensuse-updates/2012-04/msg00066.html
  https://bugzilla.mozilla.org/show_bug.cgi?id=672789 [ Auth Req'd ]

• Bert Hubert - Fox-IT BV
• Theo Snelleman - Fox-IT BV