1
PublicDateAtUSN: 2016-08-03
2
Candidate: CVE-2016-2837
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837
6
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
7
https://bugzilla.mozilla.org/show_bug.cgi?id=1274637
8
https://usn.ubuntu.com/usn/usn-3044-1
10
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM)
11
in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0
12
and Firefox ESR 45.x before 45.3 might allow remote attackers to execute
13
arbitrary code by providing a malformed video and leveraging a Gecko Media
14
Plugin (GMP) sandbox bypass.
20
Assigned-to: chrisccoulson
23
upstream_firefox: released (48)
24
precise_firefox: released (48.0+build2-0ubuntu0.12.04.1)
25
trusty_firefox: released (48.0+build2-0ubuntu0.14.04.1)
26
vivid/ubuntu-core_firefox: DNE
27
vivid/stable-phone-overlay_firefox: DNE
28
xenial_firefox: released (48.0+build2-0ubuntu0.16.04.1)
29
devel_firefox: not-affected (48.0+build2-0ubuntu1)
32
Priority_thunderbird: low
33
upstream_thunderbird: not-affected
34
precise_thunderbird: not-affected
35
trusty_thunderbird: not-affected
36
vivid/ubuntu-core_thunderbird: DNE
37
vivid/stable-phone-overlay_thunderbird: DNE
38
xenial_thunderbird: not-affected
39
devel_thunderbird: not-affected