Massimiliano Tomassoli

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 40.0 Firefox ESR versions prior to 38.2 **Description** The issue is related to an integer overflow in the stagefright::SampleTable::isValid function in libstagefright. This allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding. **Recommendations** For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later. For Firefox ESR versions prior to 38.2, update to version 38.2 or later.