CVE-2016-2837 – Mozilla Firefox ClearKeyDecryptor Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-2837
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Desbordamiento de búfer basado en memoria dinámica en el ClearKey Content Decryption Module (CDM) en el Encrypted Media Extensions (EME) API en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 podría permitir a atacantes remotos ejecutar código arbitrario proporcionando un vídeo malformado y aprovechando un Gecko Media Plugin (GMP) sandbox bypass. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1551.html http://www.debian.org/security/2016/dsa-3640 http://www.mozilla.org/security/announce/2016/mfsa2016-77.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92258 http://www.securitytracker.com/id/1036508 http://www.ubuntu.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1706 – chromium-browser: sandbox escape in ppapi
https://notcve.org/view.php?id=CVE-2016-1706
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. La implementación PPAPI en Google Chrome en versiones anteriores a 52.0.2743.82 no valida el origen de los mensajes IPC para el plugin del proceso broker que debería haber llegado desde el proceso navegador, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox a través de un tipo de mensaje inesperado, relacionado con broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc y render_frame_message_filter.cc. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securitytracker.com • CWE-20: Improper Input Validation •
CVE-2016-3211 – Microsoft Internet Explorer PerformDoDragDrop Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-3211
An attacker who has gained code execution within the Internet Explorer Protected Mode sandbox can leverage this method to place a malicious executable file in any location to which the user has write access. • http://www.securitytracker.com/id/1036096 http://www.zerodayinitiative.com/advisories/ZDI-16-366 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1797 – Apple OS X fontd Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-1797
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes eludir las restricciones de política de sandbox destinadas a FontValidator y ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. ... Authentication is not required to exploit this vulnerability. The specific flaw exists within the sandbox policy for the fontd process. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code outside the context of the Safari sandbox. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 http://www.zerodayinitiative.com/advisories/ZDI-16-360 https://support.apple.com/HT206567 • CWE-284: Improper Access Control •
CVE-2016-1629 – chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome
https://notcve.org/view.php?id=CVE-2016-1629
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 48.0.2564.116 permite a atacantes remotos eludir la Blink Same Origin Policy y el mecanismo de protección sandbox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0286.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83302 http://www.securitytracker.com/id/1035184 http://www. • CWE-264: Permissions, Privileges, and Access Controls •