Qab

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 112.0.5615.49 **Description** The issue is related to a use after free in Vulkan, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 112.0.5615.49, update to version 112.0.5615.49 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version Windows Media Player in Microsoft Windows 8.1 Windows Media Player in Microsoft Windows Server 2012 R2 Windows Media Player in Microsoft Windows RT 8.1 Windows Media Player in Microsoft Windows 7 SP1 Windows Media Player in Microsoft Windows 2008 SP2 and R2 SP1 Windows Media Player in Microsoft Windows Server 2016 Windows Media Player in Microsoft Windows Vista SP2 Windows Media Player in Microsoft Windows 10 Gold, 1511, and 1607 **Description** The issue allows remote attackers to obtain sensitive information via a crafted web site. This is related to the lack of protection for service data, which can be exploited by a remote attacker to gain confidential information using a specially formed website. **Recommendations** For Microsoft Windows 8.1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 R2, update to a version that includes the fix for this issue. For Microsoft Windows RT 8.1, update to a version that includes the fix for this issue. For Microsoft Windows 7 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2016, update to a version that includes the fix for this issue. For Microsoft Windows Vista SP2, update to a version that includes the fix for this issue. For Microsoft Windows 10 Gold, 1511, and 1607, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to Windows Media Player until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 **Description** The issue is related to errors in handling the "#" character in URI data, which can be exploited by a remote attacker to spoof websites. The estimated number of potentially affected devices and details about real-world incidents are not specified. Technical details about exploitation include mishandling of the `#` character in a `data: URI`, allowing remote attackers to spoof web sites via unspecified vectors. **Recommendations** For versions prior to 43.0, update to version 43.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of `data: URI` until a patch is available. Avoid using the `#` character in `data: URI` schemes to minimize the risk of exploitation.