Mozilla just published a security advisory (CVE-2016-2814) regarding a bug I reported against Firefox.
The defect causes an overflow in libstagefright which is used for video playback.
This causes a (potentially) exploitable crash triggered by specially designed video data.
The issue has been resolved in the latest version of Firefox (46) and both ESR versions (38.8 and 45.1).
You find the advisory and the bug report here: https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/