Candidate: CVE-2016-1970
PublicDate: 2016-03-13 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1970
 https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/
Description:
 Integer underflow in the srtp_unprotect function in the WebRTC
 implementation in Mozilla Firefox before 45.0 on Windows might allow remote
 attackers to cause a denial of service (memory corruption) or possibly have
 unspecified other impact via unknown vectors.
Ubuntu-Description:
Notes:
 chrisccoulson> Windows only, according to Mozilla advisory
Bugs:
Priority: medium
Discovered-by: Ronald Crane
Assigned-to: chrisccoulson
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_firefox:
upstream_firefox: released (45.0)
precise_firefox: not-affected
trusty_firefox: not-affected
trusty/esm_firefox: DNE (trusty was not-affected)
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
wily_firefox: not-affected
devel_firefox: not-affected (45.0+build2-0ubuntu1)

Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: not-affected
precise_thunderbird: not-affected
trusty_thunderbird: not-affected
trusty/esm_thunderbird: DNE (trusty was not-affected)
vivid/ubuntu-core_thunderbird: DNE
vivid/stable-phone-overlay_thunderbird: DNE
wily_thunderbird: not-affected
devel_thunderbird: not-affected