CVE-2009-3388

Name	CVE-2009-3388
Description	liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	575743

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
liboggplay (PTS)	sid, trixie, buster, bookworm, bullseye	0.2.1~git20091227-5	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
iceweasel	source	lenny	(not affected)
iceweasel	source	(unstable)	3.5.11-2
liboggplay	source	(unstable)	0.2.1~git20091227-1.1		575743
xulrunner	source	etch	(unfixed)	end-of-life
xulrunner	source	lenny	(not affected)
xulrunner	source	(unstable)	1.9.1.6-1

Notes

[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)