Mozilla Foundation Security Advisory 2015-07

Gecko Media Plugin sandbox escape

Announced

January 13, 2015

Reporter

Nils

Impact

Critical

Products

Firefox

Fixed in

Firefox 35

Description

Security researcher Nils discovered a mechanism to break out of the Gecko Media Plugin (GMP) sandbox on Windows systems. The GMP sandbox is currently only used to host h.264 video playback using the OpenH264 plugin but is being developed to host other other media plugins. This bug would allow an attacker to escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process.

This bugs only affects Windows systems. OS X and Linux systems are not affected by it.

References

GMP sandbox break-out on Windows (CVE-2014-8643)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2015-07

Gecko Media Plugin sandbox escape

Description

References