Lee wrote:
On 12/24/17, mozilla-lists.mbou...@spamgourmet.com wrote:
Enabled plugins are:
* VLC Web Plugin
* Adobe Acrobat
* Java(TM) Playform SE 8
You're a braver man than I, Gunga Din.
Have you seen https://www.securityfocus.com/bid/102214/discuss
A remote attacker can exploit this issue to cause a
denial-of-service condition. Given the nature of this issue, attackers
may also be able to execute arbitrary code, but this has not been
confirmed.
VideoLAN VLC version 2.2.8 and prior are vulnerable.
Thanks. I hadn't seen that one. It's not particularly clear what the
impact actually is though... "denial-of-service" could just mean it
causes VLC to crash or hang, or it could use all available memory and
slow the whole system to a crawl. The (unconfirmed) potential for
arbitrary code execution is more concerning.
Probably should have mentioned that I have plugins set to "ask to
activate" (although just noticed that VLC is "always activate"; I'll
change that). NoScript also blocks plugins on untrusted sites (so should
have been safe even with VLC always activate, but I wasn't intending to
rely on that).
--
Mark.
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey