Comment 12 for bug 1643467

Marking as security; either Firefox is wrong or libavcodec is vulnerable and probably we need security people to look at it to determine which one it is...