The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.
lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
secunia.com/advisories/60148
secunia.com/advisories/61114
www.mozilla.org/security/announce/2014/mfsa2014-70.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/69521
www.securitytracker.com/id/1030793
www.securitytracker.com/id/1030794
bugzilla.mozilla.org/show_bug.cgi?id=1047831
security.gentoo.org/glsa/201504-01