Vulnerability Description
Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 13.1 |
| Mozilla | Firefox | <= 34.0.5 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
- http://secunia.com/advisories/62253
- http://secunia.com/advisories/62446
- http://www.mozilla.org/security/announce/2014/mfsa2015-07.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/72043
- http://www.securitytracker.com/id/1031533
- https://bugzilla.mozilla.org/show_bug.cgi?id=1117140
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99962
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
- http://secunia.com/advisories/62253
- http://secunia.com/advisories/62446
- http://www.mozilla.org/security/announce/2014/mfsa2015-07.htmlVendor Advisory
FAQ
What is CVE-2014-8643?
CVE-2014-8643 is a vulnerability with a CVSS score of 7.1 (HIGH). Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH...
How severe is CVE-2014-8643?
CVE-2014-8643 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8643?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Mozilla Firefox, Microsoft Windows.