Security restrictions bypass in Mozilla Firefox - CVE-2018-5163
Published: May 10, 2018
Vulnerability identifier: #VU12544
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5163
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists because cached data in the JavaScript Start-up Bytecode Cache (JSBC) can be replaced. A remote attacker with full control over a content process can replace the alternate data resources stored in the JSBC for other JavaScript code, run the executed script with the parent process' privileges and escape the sandbox on content processes.
How to mitigate CVE-2018-5163
Update to version 60.0.