An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. A flaw exists in the 'nsHttpChannelAuthProvider::OnAuthCancelled()' function in 'netwerk/protocol/http/nsHttpChannelAuthProvider.cpp' that is triggered as certain input is not properly validated. A flaw exists in 'netwerk/sctp/src/netinet/sctputil.c' that is triggered when handling association failures. This may allow a context-dependent attacker to corrupt memory, crashing a process linked against the library and potentially allowing the execution of arbitrary code. A flaw exists in the 'parse()' function in 'libavcodec/vp9_parser.c' that is triggered when handling input frame sizes. A flaw exists in the 'nsNodeUtils::CloneAndAdopt()' function in 'dom/base/nsNodeUtils.cpp' that is triggered as certain input is not properly validated. A flaw exists in the WebRTC component that is triggered as certain input is not properly validated when handling H.264 STAP-A content. A flaw exists in 'netwerk/sctp/src/netinet/sctputil.c' that is triggered as certain input is not properly validated. This may allow a Man-in-the-Middle (MitM) attacker able to generate a trusted certificate to conduct spoofing attacks.
Description Versions of Mozilla Firefox earlier than 45.4 are unpatched for the following vulnerabilities : - A flaw exists as the certificate pinning policy for built-in sites like '' is not honored due to the pins having expired. Synopsis The remote host has a web browser installed that is vulnerable to multiple attack vectors.
0 kommentar(er)
