An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API. This vulnerability can be triggered using a malformed video file due to incorrect error handling. This could allow arbitrary code execution if combined with a second vulnerability that allows an escape from the Gecko Media Plugin (GMP) sandbox. Without such a vulnerability, the buffer overflow is contained within the GMP sandbox and cannot be exploited.
Name: the Mozilla project
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2016:1551 https://rhn.redhat.com/errata/RHSA-2016-1551.html