Integer overflow in Firefox ESR - CVE-2018-5144
Published: March 13, 2018
Vulnerability identifier: #VU10971
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5144
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Firefox ESR
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to an integer overflow during conversion of text to some Unicode character sets. A remote attacker can supply an unchecked length parameter, trigger the overflow and cause the service to crash.
How to mitigate CVE-2018-5144
Update to version ESR 52.7.