Mozilla · Firefox · CVE-2015-7222
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 43.0
Firefox ESR versions prior to 38.5
**Description**
The issue is caused by an integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright. This allows remote attackers to execute arbitrary code or cause a denial of service via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
**Recommendations**
For Mozilla Firefox versions prior to 43.0, update to version 43.0 or later to resolve the issue.
For Firefox ESR versions prior to 38.5, update to version 38.5 or later to resolve the issue.