Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox prior to 48.0 and Firefox ESR 45.x prior to 45.3 might allow remote malicious users to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox esr 45.2.0 |
||
mozilla firefox esr 45.3.0 |
||
mozilla firefox esr 45.1.1 |
||
mozilla firefox esr 45.1.0 |
||
mozilla firefox |
||
oracle linux 6 |
||
oracle linux 5.0 |
||
oracle linux 7 |