Laf.Intel

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 40.0 Firefox ESR versions prior to 38.2 **Description** The issue is related to multiple integer overflows in the libstagefright library, which can be exploited by remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. This can allow a remote attacker to execute arbitrary code. **Recommendations** For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later. For Firefox ESR versions prior to 38.2, update to version 38.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 38.0 **Description** The issue is related to an integer overflow in libstagefright, which allows remote attackers to execute arbitrary code or cause a denial of service. This can be achieved through an MP4 video file containing invalid metadata, leading to a heap-based buffer overflow and out-of-bounds read. **Recommendations** For versions prior to 38.0, update to version 38.0 or later to resolve the issue.