Endpoint Vulnerability

Use-after-free when using the Fluendo MP3 GStreamer plugin

Description

Security researcher Aki Helin reported a use-after-free when playing certain MP3 format audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. This can lead to a potentially exploitable crash.

Affected Products

Thunderbird

References

CVE-2015-0813,