Endpoint Vulnerability

WebRTC and LibVPX vulnerabilities found through code inspection

Description

Security researcher Ronald Crane reported five 'moderate' rated vulnerabilities affecting released code that were found through code inspection. These included the following issues in WebRTC: an integer underflow, a missing status check, race condition, and a use of deleted pointers to create new object. A race condition in LibVPX was also identified. These do not all have clear mechanisms to be exploited through web content but are vulnerable if a mechanism can be found to trigger them.

Affected Products

Firefox