Mozilla released 11 patches for Firefox 44 and Firefox ESR 38.6 with three being rated as critical.
The first critical issue posted by Mozilla is an integer overflow during metadata parsing in Mozilla's use of the libstagefright library that could be exploited if triggered by a malicious MP4 formatted video file that would allow arbitrary code execution.Another critical flaw was discovered when a researcher used the Address Sanitizer tool to find a buffer overflow write when rendering some WebGL content, which could lead to a potentially exploitable crash.
Mozilla also identified and fixed several memory safety bugs in the browser engine used by Firefox and other Mozilla-based products that could be corrupted and exploited to run arbitrary code.
Two of the remaining issues were rated as “high” and the other six were of moderate importance.
