cvedb.io
CVE-2016-2837
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2016-08-05T01:59:03.673 · Last modified 2026-06-17T00:44:33.693

Summary

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

Affected products

mozilla — firefox

Does this affect you?

Add your gear to cvedb and we'll alert you only when mozilla ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.