CVE-2016-2837

Priority
Description
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM)
in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0
and Firefox ESR 45.x before 45.3 might allow remote attackers to execute
arbitrary code by providing a malformed video and leveraging a Gecko Media
Plugin (GMP) sandbox bypass.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (48)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [48.0+build2-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (48.0+build2-0ubuntu0.16.04.1)
Package
Priority: Low
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2020-07-28 19:57:01 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)