Mozilla Foundation Security Advisory 2015-147

Integer underflow and buffer overflow processing MP4 metadata in libstagefright

Announced
December 15, 2015
Reporter
Gerald Squelart
Impact
High
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 43
  • Firefox ESR 38.5

Description

Mozilla developer Gerald Squelart fixed an integer underflow in the libstagefright library initially reported by Joshua Drake to Google. The issues occurred in MP4 format video file while parsing cover metadata, leading to a buffer overflow. This results in a potentially exploitable crash and can be triggered by a malformed MP4 file served by web content.

In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.

References