Main Vulnerability Database Vulnerabilities #VU14635

Out-of-bounds write in Mozilla Firefox - CVE-2018-12379

Published: September 6, 2018

Vulnerability identifier: #VU14635

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12379

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to out-of-bounds write when the Mozilla Updater opens a MAR format file which contains a very long item filename. A local attacker can run the Mozilla Updater on the local system with the malicious MAR file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-12379

Update to version 62.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/

Out-of-bounds write in Mozilla Firefox - CVE-2018-12379

Detailed vulnerability description

How to mitigate CVE-2018-12379

Sources

Please verify you're human