Bert Massop

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 48.0 Mozilla Firefox ESR versions 45.x prior to 45.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted video. This is due to improper interaction between cairo surface extent calls and libav header allocation in FFmpeg. **Recommendations** For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later. For Mozilla Firefox ESR versions 45.x prior to 45.3, update to version 45.3 or later.