Mozilla Foundation Security Advisory 2015-10

Update OpenH264 plugin to version 1.3

Announced

February 5, 2015

Reporter

Mozilla and Cisco Developers, Nils, Hanno Böck

Impact

Critical

Products

Firefox, OpenH264

Fixed in

Firefox 34
Firefox 35
OpenH264 1.3

Description

Mozilla and Cisco developers as well as security researcher Nils reported security and stability bugs affecting the OpenH264 plugin version 1.1. This plugin was available to Desktop Firefox 34 and 35 users as an on-demand download as needed. Security researchers Nils and Hanno Böck also reported issues not present in 1.1 but in the development branch and fixed in 1.3.

These issues have been addressed in the version 1.3 of the OpenH264 plugin, which has been shipped as an update to Desktop Firefox 34 and 35 installations. Details of Firefox reported fixes are below and Cisco will publish additional fix details and assign CVE numbers.

References

invalid memcpy in openh264p
attempting free on address which was not malloc() in WelsDec::FreePicture
heap-buffer-overflow in WelsDec::WelsDecodeSlice
heap-buffer-overflow in WelsDec::McChroma_sse2
heap-buffer-overflow in WelsDec::WelsInitRefList

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2015-10

Update OpenH264 plugin to version 1.3

Description

References