13 matches found
AlmaLinux 10 : firefox (ALSA-2025:14417)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:14417 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escape due...
RHEL 8 : firefox (RHSA-2025:15419)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:15419 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103)
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR...
Design/Logic Flaw
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...
CVE-2017-5448
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...
CVE-2017-5448
CVE-2017-5448 is an out-of-bounds write in ClearKeyDecryptor (Gecko Media Plugin sandbox). The issue allows writing arbitrary memory data, potentially causing a crash or remote code execution. Affected products include Firefox/Firefox ESR prior to patched versions; upstream advisories show fixes ...
Mozilla: Out-of-bounds write in ClearKeyDecryptor (MFSA 2017-11, MFSA 2017-12)
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. A use-after-free vulnerability occurs during transaction processing in t...
CVE-2016-2837
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...
UBUNTU-CVE-2016-2837
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...
KLA10852 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface, bypass security restrictions, conduct cross-site scripting or read local...
Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback — Mozilla
An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module (CDM) used by the Encrypted Media Extensions (EME) API. This vulnerability can be triggered using a malformed video file due to incorrect error handling...
Gecko Media Plugin sandbox escape — Mozilla
Security researcher Nils discovered a mechanism to break out of the Gecko Media Plugin (GMP) sandbox on Windows systems. The GMP sandbox is currently only used to host h.264 video playback using the OpenH264 plugin but is being developed to host other media plugins. This bug would allow an...