Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-30.html Acknowledgements: Name: the Mozilla project Upstream: Luke Li Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.