CVE-2013-1708
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.
Date published : 2013-08-06
http://www.mozilla.org/security/announce/2013/mfsa2013-67.html