Mozilla Foundation Security Advisory 2015-07

Gecko Media Plugin sandbox escape

Announced
January 13, 2015
Reporter
Nils
Impact
Critical
Products
Firefox
Fixed in
  • Firefox 35

Description

Security researcher Nils discovered a mechanism to break out of the Gecko Media Plugin (GMP) sandbox on Windows systems. The GMP sandbox is currently only used to host H.264 video playback using the OpenH264 plugin but is being developed to host other media plugins. This bug would allow an attacker to escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin that allows them to compromise the GMP process.

This bug only affects Windows systems. OS X and Linux systems are not affected by it.
