Mozilla · Firefox · CVE-2015-4480
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 40.0
Firefox ESR versions prior to 38.2
**Description**
The issue is related to an integer overflow in the stagefright::SampleTable::isValid function in libstagefright. This allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.
**Recommendations**
For Mozilla Firefox versions prior to 40.0, update to version 40.0 or later.
For Firefox ESR versions prior to 38.2, update to version 38.2 or later.