spice-xpi: unitialized pointer writes possible when getting plugin properties
The SPICE Firefox plug-in spice-xpi 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to 1 plugin/nsScriptablePeer.cpp and 2 plugin/plugin.cpp, which trigger multiple uses of an uninitializ...