#VU10967 Buffer overflow in Firefox ESR

Published: 2018-03-13

Vulnerability identifier: #VU10967

Vulnerability risk: High


CVE-ID: CVE-2018-5127


Exploitation vector: Network

Exploit availability:

Vulnerable software:
Firefox ESR
Client/Desktop applications / Web browsers

Vendor: Mozilla

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when manipulating the SVg animatedPathSegList through script. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Update to version ESR 52.7.

Vulnerable software versions

Firefox ESR: 52.6.0

Fixed software versions


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability