An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API. This vulnerability can be triggered using a malformed video file due to incorrect error handling. This could allow arbitrary code execution if combined with a second vulnerability that allows an escape from the Gecko Media Plugin (GMP) sandbox. Without such a vulnerability, the buffer overflow is contained within the GMP sandbox and cannot be exploited. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-77.html Acknowledgements: Name: the Mozilla project
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:1551 https://rhn.redhat.com/errata/RHSA-2016-1551.html