spice-xpi: unitialized pointer writes possible when getting plugin properties

The SPICE Firefox plug-in spice-xpi 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to 1 plugin/nsScriptablePeer.cpp and 2 plugin/plugin.cpp, which trigger multiple uses of an uninitializ...

spice-xpi/qspice-client unix socket race

Race condition in the SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client aka qspice-client in qspice 0.3.0, and then accessing this...

spice-xpi/qspice-client unix socket race

Race condition in the SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client aka qspice-client in qspice 0.3.0, and then accessing this...