Heap-based buffer overflow in the resizecontextbuffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
{ "urgency": "not yet assigned" }