Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2015-07
HistoryJan 13, 2015 - 12:00 a.m.

Gecko Media Plugin sandbox escape — Mozilla

2015-01-1300:00:00
Mozilla Foundation
www.mozilla.org
22

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

EPSS

0.009

Percentile

83.0%

JSON

Security researcher Nils discovered a mechanism to break out of the Gecko Media Plugin (GMP) sandbox on Windows systems. The GMP sandbox is currently only used to host h.264 video playback using the OpenH264 plugin but is being developed to host other other media plugins. This bug would allow an attacker to escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process.

Affected configurations

Vulners
Node
mozillafirefoxRange<35
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
ubuntucve 1
nvd 1
cve 1
openvas 4
freebsd 1
suse 3
securityvulns 1
nessus 6
prion
prion
Design/Logic Flaw
2015-01-14 11:59:00
cvelist
cvelist
CVE-2014-8643
2015-01-14 11:00:00
ubuntucve
ubuntucve
CVE-2014-8643
2015-01-14 00:00:00
nvd
nvd
CVE-2014-8643
2015-01-14 11:59:11
cve
cve
CVE-2014-8643
2015-01-14 11:59:11
openvas
openvas
Mozilla Firefox Multiple Vulnerabilities-01 (Jan 2015) - Windows
2015-01-20 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:0077-1)
2015-01-20 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:0077-2)
2015-09-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-01-13 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2015-01-19 14:04:43
Security update for MozillaFirefox (important)
2015-01-19 15:04:39
Security update for seamonkey (important)
2015-02-02 12:05:27
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-01-19 00:00:00
nessus
nessus
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2015:0077-2)
2015-01-20 00:00:00
Mozilla Firefox < 35.0 Multiple Vulnerabilities
2015-01-16 00:00:00
Firefox < 35 Multiple Vulnerabilities
2015-01-14 00:00:00

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

EPSS

0.009

Percentile

83.0%

JSON
Related for MFSA2015-07
prion1cvelist1ubuntucve1nvd1cve1openvas4freebsd1suse3securityvulns1nessus6