45 matches found
Denial Of Service (DoS)
firefox is vulnerable to denial of service DoS. A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for...
CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This...
CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This...
Design/Logic Flaw
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This...
CVE-2019-11749
CVE-2019-11749 describes an information-disclosure vulnerability in WebRTC: malicious content can probe the getUserMedia constraints to reveal camera device properties without user prompt, enabling potential user fingerprinting. Affected products are Firefox prior to 69 and Firefox ESR prior to 6...
CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This...
CVE-2019-11749
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This...
Oracle Linux 8 : firefox (ELSA-2019-2663)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2663 advisory. 68.1.0-1.0.1 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.
The vulnerability of Google Chrome’s browser in the content/renderer/media/usermediaclientimpl.cc file arises from the use of memory after it is freed. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure by executing a specially crafted Java script upo...
chromium-browser: Use-after-free in WebRTC.
Multiple use-after-free vulnerabilities in content/renderer/media/usermediaclientimpl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
Server side request forgery (ssrf)
Multiple use-after-free vulnerabilities in content/renderer/media/usermediaclientimpl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
CVE-2015-1260
CVE-2015-1260 affects Google Chrome up to version 43.0.2357.65, where multiple use-after-free vulnerabilities exist in the WebRTC interface (content/renderer/media/user_media_client_impl.cc). Exploitation via crafted JavaScript after getUserMedia can lead to denial of service and possibly other i...
CVE-2015-1260
Removed by vendor...
CVE-2015-1260
Multiple use-after-free vulnerabilities in content/renderer/media/usermediaclientimpl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2013:1142-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MozillaFirefox: Update to Firefox 22.0 release (important)
MozillaFirefox was updated to Firefox 22.0 bnc825935 Following security issues were fixed: MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer MFSA 2013-51/CVE-2013-1687...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)
Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
FreeBSD : mozilla -- multiple vulnerabilities (b3fcb387-de4b-11e2-b1c6-0025905a4771)
The Mozilla Project reports : Miscellaneous memory safety hazards rv:22.0 / rv:17.0.7 Title: Memory corruption found using Address Sanitizer Privileged content access and execution via XBL Arbitrary code execution within Profiler Execution of unmapped memory through onreadystatechange Data in the...
CVE-2013-1698
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...
Code injection
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME...