Description
Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031533
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1117140
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62446
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72043
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99962
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62253
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2015-07.html
Scores
EPSS
0.0130
EPSS Percentile
80.0%
Details
CWE
CWE-264
Status
published
Products (3)
mozilla/firefox
< 34.0.5
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Jan 14, 2015
Tracked Since
Feb 18, 2026