Mozilla Foundation Security Advisory 2016-32

WebRTC and LibVPX vulnerabilities found through code inspection

Announced
March 8, 2016
Reporter
Ronald Crane
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 45

Description

Security researcher Ronald Crane reported five "moderate" rated vulnerabilities affecting released code that were found through code inspection. These included the following issues in WebRTC: an integer underflow, a missing status check, race condition, and a use of deleted pointers to create new object. A race condition in LibVPX was also identified. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.

This issue only affects Windows systems. Linux, OS X, and Android systems are unaffected.

References