Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have other impact by triggering a crafted WebRTC RTP packet.
Credit:
The information has been provided by Cajus Pollmeier, cgvwzq, musicDespiteEverything, Masato Kinugawa, Abdulrahman Alqabandi, Stuart Larsen, Ronald Crane and Kris Maglione.
Vulnerable Systems:
*Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5
Immune Systems:
*Mozilla Firefox after 43.0 and Firefox ESR 38.x after 38.5
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions, obtain sensitive information, bypass same-origin policy restrictions to access data, and execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.