Mozilla Foundation Security Advisory 2015-10

Update OpenH264 plugin to version 1.3

Announced
February 5, 2015
Reporter
Mozilla and Cisco Developers, Nils, Hanno Böck
Impact
Critical
Products
Firefox, OpenH264
Fixed in
  • Firefox 34
  • Firefox 35
  • OpenH264 1.3

Description

Mozilla and Cisco developers as well as security researcher Nils reported security and stability bugs affecting the OpenH264 plugin version 1.1. This plugin was available to Desktop Firefox 34 and 35 users as an on-demand download as needed. Security researchers Nils and Hanno Böck also reported issues not present in 1.1 but in the development branch and fixed in 1.3.

These issues have been addressed in the version 1.3 of the OpenH264 plugin, which has been shipped as an update to Desktop Firefox 34 and 35 installations. Details of Firefox reported fixes are below and Cisco will publish additional fix details and assign CVE numbers.

References