Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat SPICE插件竞争条件漏洞
Vulnerability Description
Red Hat SPICE是美国红帽(Red Hat)公司的一个企业虚拟化桌面版所使用的自适应远程呈现开源协议。该产品主要用于将用户与其虚拟桌面进行连接,能够提供与物理桌面完全相同的最终用户体验。 Firefox中的SPICE (又名spice-xpi)插件2.2版本中存在竞争条件漏洞。本地用户可以通过提供qspice 0.3.0版本中用于插件和客户端之间通信的UNIX套接字,并访问这个套接字,导致获取敏感信息和中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A