Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2015-47

Buffer overflow parsing H.264 video with Linux Gstreamer

Announced
May 12, 2015
Reporter
Aki Helin
Impact
High
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird
Fixed in
  • Firefox 38
  • Firefox ESR 31.7
  • SeaMonkey 2.35
  • Thunderbird 31.7
  • Thunderbird 38.0.1

Description

Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow during video playback on Linux systems. This was due to a problem in older versions of the Gstreamer plugin during the parsing of H.264 formatted video. This issue could be used to induce a possibly exploitable crash.

This issue does not affect the current 1.0 version of Gstreamer and does not affect Windows or OS X systems.

References