Mozilla Foundation Security Advisory 2015-07
Gecko Media Plugin sandbox escape
- January 13, 2015
- Fixed in
- Firefox 35
Security researcher Nils discovered a mechanism to break out of the Gecko Media Plugin (GMP) sandbox on Windows systems. The GMP sandbox is currently only used to host h.264 video playback using the OpenH264 plugin but is being developed to host other other media plugins. This bug would allow an attacker to escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process.
This bugs only affects Windows systems. OS X and Linux systems are not affected by it.