WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.
https://bugzilla.mozilla.org/show_bug.cgi?id=1436117
https://usn.ubuntu.com/3645-1/