Juan Becerra

**Name of the Vulnerable Software and Affected Versions** liboggplay versions prior to 3.5.4 Mozilla Firefox versions 3.5.x before 3.5.4 **Description** The issue is related to the oggplay data handle theora frame function in liboggplay, which can cause a denial of service or possibly execute arbitrary code when encountering a decoding error for the first frame in a crafted .ogg video file. This is due to the function attempting to reuse an earlier frame data structure, leading to a NULL pointer dereference and application crash. **Recommendations** For liboggplay versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue. For Mozilla Firefox versions 3.5.x before 3.5.4, update to version 3.5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code. This is related to the `TraceRecorder::snapshot` function in `js/src/jstracer.cpp` and other unspecified vectors. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.1, update to version 3.5.2 or later to resolve the issue.