Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash. External references: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
This security flaw was addressed in the following Firefox update: https://rhn.redhat.com/errata/RHSA-2016-0197.html