Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www.mozilla.org/security/announce/2016/mfsa2016-77.html | vendor advisory |
| http://www.debian.org/security/2016/dsa-3640 | vendor advisory |
| http://www.securitytracker.com/id/1036508 | vdb entry |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | third party advisory |
| http://www.ubuntu.com/usn/USN-3044-1 | vendor advisory |
| http://www.securityfocus.com/bid/92258 | vdb entry |
| http://rhn.redhat.com/errata/RHSA-2016-1551.html | vendor advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1274637 | issue tracking permissions required |
| https://security.gentoo.org/glsa/201701-15 | vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html | vendor advisory |
| http://www.zerodayinitiative.com/advisories/ZDI-16-673 | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html | vendor advisory |