Mozilla Firefox CVE-2016-2837 Buffer Overflow Vulnerability

description-logoDescription

An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API. This vulnerability can be triggered using a malformed video file due to incorrect error handling. This could allow arbitrary code execution if combined with a second vulnerability that allows an escape from the Gecko Media Plugin (GMP) sandbox. Without such a vulnerability, the buffer overflow is contained within the GMP sandbox and cannot be exploited.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2016-2837