38 matches found
Oracle Linux 8 : firefox (ELSA-2019-2663)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2663 advisory. 68.1.0-1.0.1 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.
The vulnerability of Google Chrome’s browser in the content/renderer/media/usermediaclientimpl.cc file arises from the use of memory after it is freed. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure by executing a specially crafted Java script upo...
chromium-browser: Use-after-free in WebRTC.
Multiple use-after-free vulnerabilities in content/renderer/media/usermediaclientimpl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
Server side request forgery (ssrf)
Multiple use-after-free vulnerabilities in content/renderer/media/usermediaclientimpl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
CVE-2015-1260
Removed by vendor...
CVE-2015-1260
CVE-2015-1260 affects Google Chrome up to version 43.0.2357.65, where multiple use-after-free vulnerabilities exist in the WebRTC interface (content/renderer/media/user_media_client_impl.cc). Exploitation via crafted JavaScript after getUserMedia can lead to denial of service and possibly other i...
CVE-2015-1260
Multiple use-after-free vulnerabilities in content/renderer/media/usermediaclientimpl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2013:1142-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MozillaFirefox: Update to Firefox 22.0 release (important)
MozillaFirefox was updated to Firefox 22.0 bnc825935 Following security issues were fixed: MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687...
FreeBSD : mozilla -- multiple vulnerabilities (b3fcb387-de4b-11e2-b1c6-0025905a4771)
The Mozilla Project reports : Miscellaneous memory safety hazards rv:22.0 / rv:17.0.7 Title: Memory corruption found using Address Sanitizer Privileged content access and execution via XBL Arbitrary code execution within Profiler Execution of unmapped memory through onreadystatechange Data in the...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)
Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
CVE-2013-1698
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
Code injection
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
CVE-2013-1698
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
CVE-2013-1698
CVE-2013-1698 is MFSA 2013-60 describing a getUserMedia permission dialog issue in Mozilla Firefox prior to 22.0, where the dialog displays the top-level page URL instead of the specific page URL, enabling a crafted site to trick users into granting camera/microphone access. Affected product: Moz...
Firefox < 22.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 22.0 and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682, CVE-2013-1683 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...
CVE-2013-1698
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
getUserMedia permission dialog incorrectly displays location — Mozilla
Mozilla engineer Matt Wobensmith discovered that when the getUserMedia permission dialog for an iframe appears in one domain, it will display its origin as that of the top-level document and not the calling framed page. This could lead to users incorrectly giving camera or microphone permissions...