Описание
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 54.0+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [53.0+build6-0ubuntu0.14.04.1]] |
| precise | ignored | |
| precise/esm | DNE | precise was ignored |
| trusty | released | 53.0+build6-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [53.0+build6-0ubuntu0.14.04.1] |
| upstream | released | 53.0 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 53.0+build6-0ubuntu0.16.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected |
Показывать по
EPSS
7.5 High
CVSS2
8.6 High
CVSS3
Связанные уязвимости
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ...
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
EPSS
7.5 High
CVSS2
8.6 High
CVSS3