Cairo · Cairo · CVE-2016-2839
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 48.0
Mozilla Firefox ESR versions 45.x prior to 45.3
**Description**
The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted video. This is due to improper interaction between cairo surface extent calls and libav header allocation in FFmpeg.
**Recommendations**
For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later.
For Mozilla Firefox ESR versions 45.x prior to 45.3, update to version 45.3 or later.