CVE-2016-1971

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 45.0

Description The issue is related to the I420VideoFrame::CreateFrame function in the WebRTC implementation, which omits an unspecified status check. This could allow remote attackers to cause a denial of service, potentially through memory corruption, or have other unknown impacts. The vulnerability is also described as a buffer overflow issue in the same function.

Recommendations For versions prior to 45.0, update to version 45.0 or later to resolve the issue. As a temporary workaround, consider disabling the WebRTC implementation until a patch is available. Restrict access to the I420VideoFrame::CreateFrame function to minimize the risk of exploitation. Avoid using the affected WebRTC functionality in Mozilla Firefox until the issue is resolved.